I wonder how secure this actually is, from the baseband. If it's just storage, how can it protect apps that are otherwise pwned?
"Onboard the Vault itself is an ARM processor running ARTOS, a secure operating system focused on privacy and data security."
OK, but what does that "secure operating system" do? Smartphones are fundamentally insecure. Is this an entirely separate OS, which can just communicate with the phone via those text files? Does it run its own apps? If it's not, and it doesn't, I'm not getting how it can be secure.
brokers the keys and file system eg I want to: Log into a site. Interface with nfc doggle. ARTOS takes password on secure device. Encrypts using site's keys. Drops that to the app. You log in. App/Host never sees password cleartext. Just an example.
OK, so it seems to me that this is a "secure computing environment" only in the sense that it can't grab your net credentials. Yes? When I see "secure computing environment", I'm expecting that the cellular service provider (and its friends or pwners) can't see what's being computed. Maybe I'm expecting too much
I think this is just a marketing gimmick to make people think Google is protecting privacy. The average consumer will get the phone install Angry Birds or whatever privacy sucking app of choice they want and render the security gain useless. I agree with mirimir that smartphones are inherently insecure, I dont believe that it is futile and that the correct combination of behavior and software can provide security and privacy but it requires both to be effective.
http://www.theverge.com/a/sundars-google/atap-lab-regina-dugan-google-io-2015 Interesting, but arguably limited. Unless I'm missing something. But this sounds interesting: See http://www.projectara.com/ and http://en.wikipedia.org/wiki/Project_Ara But I see nothing about the baseband
I've been mulling over a similar requirement, but for the PC environment. Sadly, we cannot trust our hosts sufficiently, and certainly not to let them have unrestrained access to our data files (think Cryptolocker, exfiltration etc). Plus use of encryption technology such as Truecrypt results in a mounted drive where all the files are open to all processes without any form of protection or TFA. So I would really like to have a usb3 storage device that was probably something like an RPi, and which encrypted files on its disk at all times, backed by something like a Yubikey with the user having to have inserted the Yubikey and maybe pressed its button to access the file. ARTOS looks to be a proprietary RTOS, and there's little information I can find about it.
Google Vault is very strange thing for me . I have many questions. For example: How does Vault work? How can user control encryption on Vault? What does Vault encryption algorithms use ? Does government can get assess to user data on Vault?
Seems like they/PR oversold to y'all. Fair. But we mustn't forget this is a great tool for everyone. Initially, it will be an enterprise gear and then to consumer. DataLossPrevention etc. Think of it as a roll your own TPM and Yubikey/Challenge-response NFC dongle over a strong self-encrypting disc. This has been done before: http://www.go-trust.com/ which shows some of the possible features/usage.