Android 15’s Contact Keys is a step towards Apple-like protection from cyber attacks (APK teardown)

4 months ago 108
Pixel 8 Pro vs iPhone 15 Pro camera shootout

Robert Triggs / Android Authority

TL;DR

  • Android 15 introduced a new API to facilitate end-to-end encryption in apps. The Contact Keys Manager API gives users a centralized way to manage and verify their contacts’ public keys.
  • The latest Google Play Services beta update contains hints that showcase how this Contact Keys feature will work.
  • Apple introduced a similar feature called Contact Key Verification with iOS 17.2, which also features automatic notifications and other extras.

Android 15‘s first beta introduced a new E2eeContactKeysManager API, which is said to facilitate end-to-end encryption (E2EE) in Android apps by providing an “OS-level API for the storage of cryptographic public keys.” Google notes that the API is designed to integrate with the “platform contacts app” to give users a “centralized way to manage and verify their contact’s public keys.” We now have some more info on how the user-facing elements will work for Contact Keys, potentially building up Android as a better competitor against Apple for sophisticated cyberattacks.

An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.

While Android 15 introduced the API, Google Play Services will handle the functionality related to Contact Keys. We’ve spotted new activities and strings in the latest Google Play Services beta that give us a clue about how the feature will work.

Starting off with the activities, we’ve spotted three of them within Play Services: one for onboarding, one for showing the QR code, and one for scanning the QR code.

Android 15 Google Contact Keys

Next, we found plenty of strings, which help us piece together how the feature could work:

Code

<string name="contactkeys_scan_qr_btn_scan">Scan code</string> <string name="contactkeys_scan_qr_btn_show">Show code</string> <string name="contactkeys_scan_qr_text_view_desc">Scan the QR code on this contact's phone. This will confirm encryption between your phones for all end-to-end encrypted apps. To do this, they'll need to open the Google Contacts app > Contacts settings > Your info.</string> <string name="contactkeys_scan_qr_text_view_title">Confirm end-to-end encryption</string> <string name="contactkeys_show_qr_code_no_selfkeys">No keys to verify.</string> <string name="contactkeys_show_qr_text_view_show_numbers">Show numbers</string> <string name="contactkeys_show_qr_text_view_desc">Ask this contact to scan your code here, which you can also access from Contacts Settings > Your Info. You can also compare the app specific numbers instead.</string> <string name="contactkeys_lookupkey_required">Error starting key verification, no contact specified</string>

As we can learn from the strings, the Contact Keys feature will rely heavily on the Google Contacts app for its UX. Users who want to confirm that all their E2E apps are actually encrypted can scan the QR code present on the other person’s Google Contacts app. Alternatively, the strings hint that you could also compare the app-specific numbers instead to reassure yourself about the encryption status.

Apple has a similar feature on iOS called Contact Key Verification, which was added in iOS 17.2. Contact Key Verification lets you receive automatic alerts that help verify that you are communicating only with the people you intend to communicate with. By verifying the encryption status, you can reassure yourself that you are not being targeted by any sophisticated cyber attack.

Contact Key Verification on iOS 17.2

Contact Key Verification on iOS 17.2

If you want to learn more, Apple’s security blog post goes into more detail about Contact Key Verification.

We expect Google’s Contact Keys to be on similar lines, albeit at an earlier stage of progress. The strings don’t indicate any automatic messages being sent out like you can with iMessage Contact Key Verification. This can change for the better in the future, but it’s still a good step forward in its current form.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it's your choice.

Read Entire Article