The feature provides safeguards against account takeover by prompting the user for confirmation during certain transactions deemed important enough to warrant special care. In such scenarios, a protected security environment displays the confirmation message to the user in such a way as to guarantee that the message hasn’t been corrupted by malicious software.
To use Android Protected Confirmation, an app generates a key in the hardware-protected Android Keystore. The app transmits an attestation certificate that certifies that the key can only be used to sign Protected Confirmations. Later when a user confirms a transaction prompt by double pressing the power button, a signed assertion is generated to provide a “what-you-see-is-what-you-sign” interaction. The added confidence of Protected Confirmation can serve to boost security in various use cases, such as person-to-person money transfers, authentication, and medical device control.
Rewind to a few years ago, when Nok Nok worked with Trusted Execution Environment (TEE) vendors to develop a proof-of-concept showcasing exactly this concept. The notion of a tamper-proof transaction display is built in to FIDO, which can completely shut down the possibility of a user being phished to divulge their credentials.
Protected Confirmation is currently implemented only on the Google Pixel 3, although other device vendors may follow suit. However, the FIDO standard, which is supported across all operating systems and mobile devices, encapsulates this protected confirmation functionality (dubbed “Transactions” in FIDO parlance).
Though welcome and necessary, rapid changes in platform security features make it a challenge for app developers to keep up. Using FIDO authentication is one way to deal with this rapid change; by leveraging the latest security features, app developers can get back to developing the non-security features of their core product. Additionally, with FIDO you don’t need to change your app or backend infrastructure to take advantage of the mix of security capabilities available now and in the future.