Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Google Android Security Technology

Google Is Bringing Electronic IDs To Android (venturebeat.com) 84

Krystalo writes: The last day of Google's developer conference tends not to have any news, but this year was a little overloaded. Google announced today that it's working on bringing Electronic IDs to Android. Separately, the company also confirmed that all new Android Q devices will be required to encrypt user data. Replacing ID cards, such as driver's licenses and club memberships, has been the last major piece of the digital wallet puzzle. We're not talking about securely logging into web pages -- this is for identifying yourself in "physical world transactions." Wallet apps can replace plane tickets, loyalty cards, and credit cards, but they still can't pass for valid ID. Google is looking to add Electronic ID support so developers can build mobile apps that can be securely used as an ID.
This discussion has been archived. No new comments can be posted.

Google Is Bringing Electronic IDs To Android

Comments Filter:
  • by marcle ( 1575627 ) on Thursday May 09, 2019 @11:15AM (#58564260)

    OK -- we're screwed.

    • There's always Apple...

      • by cayenne8 ( 626475 ) on Thursday May 09, 2019 @11:29AM (#58564330) Homepage Journal
        To both I say "No Thanks"...

        I really still don't mind carrying my physical wallet with my physical ID cards.

        And if nothing else, if I"m pulled over by a cop, the last thing I want to do is open my phone for them to see "ID".....and be open to look at pretty much anything else they might want to phish for during a traffic stop.

        That and I don't wish to share ID or credit cards, etc with any company out there really.

        This looks like a solution in search of a problem.

        • I really still don't mind carrying my physical wallet with my physical ID cards.

          I do. I HATE having to carry a physical wallet, especially since it's really not adding any value in the modern world. I'm perfectly aware of the risks of a digital ID and I can live with carrying a physical wallet like I have for the last 40 years but I don't like it and a LOT of what I need to carry one for should be unnecessary. Here's an incomplete list of things which might be in my wallet that I should be able to carry on my phone without severe security issues:

          1) Health insurance card
          2) Credit/Deb

          • How is this illogical? Right now, I can go to the store and pay cash and not share any identity info with them. If my wallet were replaced with a combo phone/payment device/ID, I'd no longer have that option.
            • Right now, I can go to the store and pay cash and not share any identity info with them.

              Right now I can go into the store, pay with Apple Pay and not share any identity info with the store. Furthermore if my phone gets stolen it's insured, traceable, and unless someone shares my face/fingerprint they aren't going to be able to access the credit cards or other payment systems on it. There is a downside to any payment method. Cash is awesome sometimes but it has problems too. It's easily stolen, hard to trace, hard to recover, etc. You're merely trading one set of risks for another.

              If my wallet were replaced with a combo phone/payment device/ID, I'd no longer have that option.

              ??? Nob

          • Basically the only thing I'm not comfortable with yet putting on my phone is my government issued ID cards and maybe my ATM card. But 90%+ of physical cards in my wallet are simply making my wallet bulky for no extra value to me. I don't mind having a physical wallet as a backup when necessary for traveling in places where phones are impractical but I shouldn't have to carry it daily.

            What happens if your phone runs out of power, and/or breaks?

            I've yet to see a wallet run out of power.

            • What happens if your phone runs out of power, and/or breaks?

              First off, let's get real. How often does that really happen to you? Seriously. I've been carrying a smartphone for the better part of a decade and I think I've run the battery dead twice in that time. I've also never had one break on me to the point where it couldn't be used. Sure it happens but it's not common and there are backup options which leads us to...

              Second, I still have all the plastic cards I keep in my wallet in the event of an extended power outage or if I'm traveling somewhere my phone w

        • Ideally there would be some separate secure enclave to hold this kind of information so ID, insurance info, etc could be shown without handing over everything on your phone.

  • This is going to struggle. And we have past evidence of this, with Googleâ(TM)s travails with Google Wallet and payment services (and then thereâ(TM)s Samsung and there first into payments). Apple Pay brought those kinds of payment services to the mainstream, and I think it probably needs that kind of a push to make this work. The question of whether itâ(TM)s advisable to collect all of those IDs in one handy, stealable place is another one entirely, of course.
    • The question of whether itâ(TM)s advisable to collect all of those IDs in one handy, stealable place is another one entirely, of course.

      For anyone who currently uses a wallet-style phone case... that ship has sailed.

      I’m one of those people... but I have thought about the question on many occasions, and am still not convinced I’m doing the wise thing in using such a case. Also, I made a decision not to carry our main credit card, which 1) I don’t use very often anyway and 2) has an absurdly high credit limit.

      However I think the physical cards are the bigger security concern. I wish the transition to NFC payments would happe

  • Worrisome (Score:5, Insightful)

    by grasshoppa ( 657393 ) on Thursday May 09, 2019 @11:21AM (#58564298) Homepage

    The idea on it's own isn't...horrible. There are ways to do it right, but there are far more ways to do it wrong. For instance, if we're talking about government IDs, then I'd want a couple different lock levels on my phone. The first allows access to pre-selected IDs ( gym memberships, driver licenses, ect.. ), and a second which grants me full access to my phone.

    The two should not even use the same access method ( so pin OR finger print, password OR pin, ect... ).

    • For instance, if we're talking about government IDs, then I'd want a couple different lock levels on my phone. The first allows access to pre-selected IDs ( gym memberships, driver licenses, ect.. ), and a second which grants me full access to my phone.

      Apple’s wallet currently lets you make your digital cards available without unlocking your phone (or to not allow it). I’d like to see it made more granular, allowing you to choose which individual cards are available from your locked phone, and which are not.

      • I still want to prevent unauthorized access to my cards, so I still want a lock in front of things. I don't want 'just anyone' to access my driver's license, for instance. By the same token, I don't want the police to have full access to my phone should I get pulled over and they require my DL.

        • My ideal would be a phone that has virtual machines with encryption and authenticated with different means. For example, if I'm overseas, geo-location wouldn't allow the CONUS to work, so if the phone is seized in China, the VM used for overseas stuff is accessible, but the ones that are region locked would be well protected, perhaps inaccessible until one is on a home or work IP space.

          The ironic thing is that this is solved in older versions of Android. There used to be an app that ran as root which allo

      • Apple’s wallet currently lets you make your digital cards available without unlocking your phone (or to not allow it).

        Sort of. But not really for a lot of things. And there are certain types of ID cards which make handing your phone to a third party potentially problematic. Classic example is your driver's license to a cop. I would be an idiot to trust a cop with my entire phone even though I'm completely innocent of any crimes. Way too many opportunities for that to go sideways on me.

        Also there is the problem that a lot of ID cards that could be safely put on my phone (like health insurance) simply aren't available b

      • For instance, if we're talking about government IDs, then I'd want a couple different lock levels on my phone. The first allows access to pre-selected IDs ( gym memberships, driver licenses, ect.. ), and a second which grants me full access to my phone.

        Apple’s wallet currently lets you make your digital cards available without unlocking your phone (or to not allow it). I’d like to see it made more granular, allowing you to choose which individual cards are available from your locked phone, and which are not.

        The in-progress ISO 18013-5 mobile driving license specification (I'm a member of the ISO committee and lead the Google team that is building the electronic ID features) goes a step further and requires that users be able to choose not only which documents are available, but even which data fields, and even to make the choice per presentation. There's also a lot of effort going into data minimization, meaning that when you present your ID you should be able to provide exactly the information that is require

        • That sounds very good, if it makes it to implementation like that. I do worry about meddling from various levels of government (and from both sides of the aisle), turning good ideas into broken and/or insecure implementation of those ideas.

          • That sounds very good, if it makes it to implementation like that. I do worry about meddling from various levels of government (and from both sides of the aisle), turning good ideas into broken and/or insecure implementation of those ideas.

            I worry about the same thing, which is why I'm working to make sure that doesn't happen, in a couple of ways. One is to make sure that there are production-quality, open source sample apps that do things the right way. I want it to be as easy as possible for governments to do the right thing and therefore harder to do the wrong thing. Another is to have the Android system create a log of all ID presentations -- requests received and data returned -- which is reviewable by the user so that misbehavior can

    • Towards this end, iPhones already allow you to set up emergency information that can be accessed from the lock screen. It's an entirely optional feature that, if enabled, gives first responders the ability to know who you are, what allergies or existing conditions you have, who your emergency contacts are, etc., but it's theoretically ripe for abuse as well. I could see a digital ID being handled similarly: make it available to those who want it, but don't compel its usage.

    • You also need plausible deniability to protect against "wrench hacking": https://xkcd.com/538/ [xkcd.com]

      I'd like a hidden login for all sensitive apps. For example, my regular password unlocks the phone with everything but sensitive apps but a completely different password opens super-secret-app mode where all the sensitive stuff is. If someone tries "wrench hacking", I can just open the phone with the regular password and claim I don't use it for banking.

      It is only a matter of time until criminals realize they can j

  • Allowing a left wing authoritarian corporation control over your government issues ID. That can never possibility go wrong. It's not like we already have dozens of examples of some of these same corporations using there market power to bar unpopular individuals from using some of these banking and communications serv-

    -THIS CITIZEN BANNED FOR MULTIPLE VIOLATIONS OF THE T.O.S.-

    • Of course Google wants more power. They want to control your identity in the way prophesied in cyberpunk. It's nothing to do with "left-wing", it's "eliminating the government as a second source of identification, so Google is the sole authority of who you are." And if you think they won't use that power to shut down people who accuse their executives of sexual harassment (to choose a "left-wing" issue) in a second, you're not thinking clearly.

      • Of course Google wants more power. They want to control your identity in the way prophesied in cyberpunk.

        Please see https://tech.slashdot.org/comm... [slashdot.org]

        It's nothing to do with "left-wing", it's "eliminating the government as a second source of identification, so Google is the sole authority of who you are."

        The Android EID design gives Google zero ability to control ID. The design allows existing identity credential issuers (e.g. governments) to provision identity documents to Android devices, and then allows the devices to present those credentials (under user control) to verification devices. Google has no involvement in any part of either provisioning or presentation, and no access to any of the provisioned data, which will be secured on-device by security modu

        • Interesting that you lead the EID team. I'll look at you sources, but may not have time for a little while. The (at least claimed) input by the EFF and ACLU does make me feel better, but I do have concerns.

          • Interesting that you lead the EID team. I'll look at you sources, but may not have time for a little while. The (at least claimed) input by the EFF and ACLU does make me feel better, but I do have concerns.

            FWIW, my primary contact at the ACLU is Jon Callas. If you don't know who that is, check out his Wikipedia page.

            • Just to clarify, I'm not doubting that you have ACLU and EFF advisers, or that they are good, or even that you take them seriouslys. My concern there is that companies sometimes get advisers (sometimes for PR reasons) and then vote down their concerns 3-2 (or 4-3 if you're on their side) in the room.

              As I said, I don't have time to look at it now, but I did want to let you know that I wasn't questioning you specifically or your integrity.

              • I didn't think you were doubting my integrity... I just think Jon is great, and it's cool being able to work with someone of his caliber and with his track record. So, really, I was kind of bragging :-)
    • Allowing a left wing authoritarian corporation control over your government issues ID.

      Google will have no such control. The Android ID infrastructure will be open source, freely-inspectable and clearly architected to restrict access to the data to the ID app that provisioned it. Google will have no access to the content and no control over how the infrastructure is used. The ID management protocols will be open and standardized (and well-designed from the perspective of both security and privacy) and will not involve sending any data through Google servers.

      If you doubt this, I highly re

  • by Anonymous Coward

    In a year we'll be reading about some Chinese company stealing 100 million IDs from Android phones via sketchy Playstore Apps. Android is trash.

  • by Anonymous Coward

    I was moving in the other direction, keeping electronic private keys on a physical card where Google has no way to ever get hold of them.

  • Just what everyone wants: _depending_ on an ID store that isn't always usable.

    • Just what everyone wants: _depending_ on an ID store that isn't always usable.

      It's trivial to have a physical card too. We're already doing that. The point is to have a digital option so that we don't HAVE to carry a stupid physical card all the damn time. Besides it's not like physical cards don't have their downside too. They are easily lost/stolen, insecure, bulky, etc.

  • After all, it can be so hard to track your every move when you use a different ID for some transactions. If you log in to a website using a throwaway email address, then how can they use their super smart AI to sell you stuff based on your browsing history? If you rattle off a fake phone number every time your grocery store demands that it knows who you are before they will sell you a bottle of soda or you pay cash, then how will your heath insurer know to jack up your rates based off your unhealthy purchas
    • then how will your heath insurer know to jack up your rates based off your unhealthy purchases?

      Good news. Under the ACA (aka Obamacare), it's illegal for the health insurer to do that. Even if, instead of datamining a soda purchase, you mail them a certified letter every day with saying "Eating a steak, 3 lbs of butter and drinking a bottle of whiskey!".

      And, they wouldn't need that data. Your health insurer knows your BMI and other stats. Fortunately, it's even illegal for them to use the results of yo

No spitting on the Bus! Thank you, The Mgt.

Working...