In the summer of 2018, Google engaged NCC Group to conduct a security assessment of the Android Cloud Backup/Restore feature, which premiered in Android Pie. This engagement focused on a threat model that included attacks by rogue Google employees (or other malicious insiders) with privileges up to and including root-in-production. The Android backup/restore feature is only one potential use-case for the key protection mechanisms which are part of Google’s Cloud Key Vault project, so the overall goal of our work was to analyze the security of the component systems and services of Google Cloud Key Vault as a whole. While NCC Group analyzed Google Cloud Key Vault’s security posture holistically, the team most closely examined threats which could result in gaining access to cryptographic key material used to protect the user’s backup data.
NCC Group conducted this assessment between July 9 and August 3, 2018, primarily on-site at Google’s Mountain View, CA campus.