Skip to main content
  1. Home
  2. Mobile
  3. News

Say goodbye to passwords on Android: Trust API could launch by the end of the year

Robert Nazarian
By

chase bank eatm fraud news smartphone banking app password 123rf 26463673 ml
tashka2000 / 123RF Stock Photo
Typing passwords might be the biggest nuisance on mobile devices, and Google wants to kill them for good. Last week at Google I/O 2016, Daniel Kaufman, the head of Google’s Advanced Technology and Projects research unit (ATAP) updated us on Project Abacus, Google’s software-only plan to eliminate the need to enter passwords.

Announced at last year’s Google I/O, Project Abacus works by accumulating data about you such as the particular times and locations you might use an app, as well as your voice and face to derive a Trust Score. This Trust Score is then used to determine if it’s indeed you. If so, you won’t have to enter a password, and if not, well, you get the gist. Financial apps would require a very high Trust Score, while games and such wouldn’t be as stringent.

Recommended Videos

Engineers in Google’s search and machine intelligence teams created the Trust API, which will be tested at select banks starting in June. If all goes well, it’ll get released to all Android developers by the end of the year. As many as 33 universities across 28 states already ran trials last year.

Related

Google has dabbled in this area with Smart Lock, which was introduced in Android Lollipop. It allows you to automatically unlock your Android phone or tablet if you’re connected to a trusted Wi-Fi network or Bluetooth device. Another method is two-factor authentication, which is the practice of generating a unique PIN through an email or SMS message. A very secure method, but it’s too time consuming for the average user.

The problem with passwords is that people don’t remember them, so they tend to use simplified passwords. To make matters worse, most people will use the same password for multiple accounts, making them more vulnerable to attacks. Some have resorted to using password manager apps that automatically type passwords for you, but they can be a pain to set up. Google’s plan is to make things simpler, but even more secure than today’s standards.

“We have a phone, and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password? It should just be able to work,” said Kaufman at a developer session last Friday afternoon at Google I/O.

By bringing the Trust API to the app level, it will further protect app data from a stranger that who able to successfully unlock your device. Each app would determine that the user wasn’t you and would require a password to gain access.

From what we can tell, it doesn’t appear that Google will need to release a new version of Android for the Trust API to work, since it’s mostly at the app level. This means that it should work on older versions of Android as well, but we won’t know for sure until we get closer to its release later this year.

Editors' Recommendations

Topics
Robert Nazarian
Robert Nazarian
Former Digital Trends Contributor
Robert Nazarian became a technology enthusiast when his parents bought him a Radio Shack TRS-80 Color. Now his biggest…
Do yourself a favor and audit your terrible passwords this new year
A password entry field.

Passwords are complicated, especially because they're important. We need one for our bank apps, our social media profiles, our streaming services, loyalty cards, grocery stores -- the list goes on and on and on and seemingly doesn't stop. Neither do the complicated and never-ending requirements for passwords. We need a capital letter here, a symbol here, some numbers. It's demanding, messy, and it's tempting to cut corners.

A lot of us do. As we go into the new year, it's time to overwhelm that instinct and steelman our passwords.
Here's why (most) passwords are so bad
We've already learned that most of us make pretty terrible passwords, with the vast majority of these passwords taking hackers a whopping 1 second to crack. It's 2021, and tens of millions of us are still pulling out classics like "qwerty," "password," and "123456789." It's enough to make some tech companies even consider dropping passwords altogether.

Read more
A flaw in MediaTek audio chips could have exposed Android users’ conversations
A MediaTek processor on a motherboard.

Security researchers have discovered a new flaw in a MediaTek chip used in over a third of the world’s smartphones that could have potentially been used to listen in on private conversations. The chip in question is an audio processing chip by MediaTek that’s found in many Android smartphones from vendors such as Xiaomi, Oppo, Realme, and Vivo. Left unpatched, researchers say, a hacker could have exploited the vulnerabilities in the chip to eavesdrop on Android users and even hide malicious code.
Check Point Research (CPR) reverse-engineered MediaTek’s audio chip, discovering an opening that could allow a malicious app to install code meant to intercept audio passing through the chip and either record it locally or upload it to an attacker’s server. 
CPR disclosed its findings to MediaTek and Xiaomi several weeks ago, and the four identified vulnerabilities have already been patched by MediaTek. Details on the first can be found in MediaTek’s October 2021 Security Bulletin, while information on the fourth will be published in December. 
“MediaTek is known to be the most popular chip for mobile devices,” Slava Makkaveev, Security Researcher at Check Point Software, said to Digital Trends in a press release. “Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application.”
Fortunately, it looks like researchers caught the flaws before they could be exploited by malicious hackers. Makkaveev also raised concerns about the possibility of device manufacturers exploiting this flaw “to create a massive eavesdrop campaign;” however, he notes that his firm didn’t find any evidence of such misuse. 
Tiger Hsu, product security officer at MediaTek, also said that the company has no evidence that the vulnerability has been exploited but added that it worked quickly to verify the problem and make the necessary patches available to all device manufacturers who rely on MediaTek’s audio processors. 
Flaws like these are also often mitigated by security features in the Android operating system and the Google Play Store, and both Makkaveev and Hsu are reminding users to keep their devices updated to the latest available security patches and only install applications from trusted locations. 

Read more
A new affordable Motorola smartwatch could be coming by the end of the year
Moto 360 ambient display

A new Motorola-branded smartwatch is on its way for a launch by the end of the year, according to a press release shared by CE Brands, the current owners of the Motorola brand for smartwatches. The company has claimed to have already completed work on a Moto Watch 100, branding it an affordable premium smartwatch that will be going into mass production over the next month.

"Our newest smartwatch, the Moto Watch 100, which is designed for an entry-level price point, is scheduled to begin mass production in November 2021. With several major retailers in line for initial orders to test the product, we believe the Motorola brand coupled with an affordable premium-feeling smartwatch has the potential to be a truly disruptive product," the release reads.

Read more