Here’s how Android 17 OS verification is going to work


The Android 17 logo on a Pixel phone.

Joe Maring / Android Authority

TL;DR

  • Google has announced a new OS verification tool for Android 17.
  • In addition to looking for on-device red flags, the tool incorporates a verification mode that requires a second device.
  • While not yet functional, we’re starting to get a look at how this two-device workflow will operate.

Knowing that the software running on your phone is coming from a trusted source is probably the single most important thing you can do to keep your device safe. Google already gives us plenty of tools for keeping on top of that, from Android Verified Boot to Pixel Binary Transparency. Earlier this month, the company shared that it was cooking up a new way for users to verify the integrity of their OS, set to arrive with Android 17. And thanks to yesterday’s release of QPR1 Beta 3, we’re now getting an early look at how that’s taking shape.

Even though tools to verify firmware already exist, actually taking advantage of them has been… complicated, to put it mildly. Unless you were a developer, or a user with particularly acute security concerns, the very manual authentication process probably wasn’t worth your time. But with Android 17’s OS verification screen, Google’s beginning to streamline that process.


Here’s the new OS verification screen Google’s adding to Android 17:

[Screenshot: the Android 17 OS verification screen]

In addition to that self-assessment, at the bottom you’ll see the option to verify with another device. In QPR1 Beta 3 we’ve found an embedded URL that looks like it may be part of this system. Accessing it brings us to a page with a QR code to scan:
[Screenshot: the OS verification web page showing a QR code. Credit: AssembleDebug / Android Authority]

Hitting that “About” button at the bottom, we’re able to see Google’s documentation for the tool:

We also see a large number of text strings that appear to describe the workflow for using the verification system:

Use a computer, tablet, or phone you trust.
Another device with a browser
You can double-check if your Android version is authentic by using a trusted second device.
Verify with another device
On your other device, go to the URL shown on the next screen.
Using this device, scan the QR code that appears on your other device.
Check that the information on both screens is identical.
I'm ready
Using your other device, scan this QR code or enter the web address below. Follow the instructions, then return here to continue.
Visit this web address with your other device
Check that you're on the right web address
This sends over your device's unique information known as identifiers for the other device to verify.
Scan the QR code on your other device
This may take a few moments
Sending your device information…
Compare the device information below with those on your other device to make sure they match.
Verification complete
If the information on both devices do not match, this device may be using an unsafe version of Android with security risks.
What you'll need

Basically, you’ll need two devices: one you already trust, and one you’re looking to verify. Once you get the process started, the device to be verified will generate a unique identifier based on the software it’s running, and then share that with your trusted device by way of a QR code. Then you’ll need to compare the information shown on-screen on both devices — if it matches, everything’s fine. If it doesn’t, you may be dealing with a compromised OS install.

Right now, we’re not yet able to see more of this process in action.

[Screenshot: attempting to scan the OS verification QR code. Credit: AssembleDebug / Android Authority]

Attempts to scan the QR code seem to get hung up because no app is assigned yet to handle the transparency:// protocol. Whether that’s eventually going to be its own standalone app, or something baked into another, we can’t yet say.

Hopefully, we’ll start to get an even more complete picture of this feature — including the opportunity to see it successfully in action — with a future Android Beta release.

⚠️ An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.
