Android Ready SE

The Android ecosystem keeps expanding. It's not perfect, but the Android team is determined to improve it and make things more useful, convenient, fast, and secure for everyone. Android is no longer just about smartphones or tablets. It can now be integrated with Chrome OS, so Android apps can be accessed from a Chromebook. They can also be accessed from a smartwatch, smart TV, or even a smart car. The platforms may go by different names, but the goal is basically the same: run apps that help people in their everyday lives.

In the near future, Android phones can be used as digital keys or wallets. Google has just introduced the Android Ready SE Alliance, which will help phone makers work on hardware that will someday replace keys and wallets.

Phones as digital keys are already possible, but there is the challenge of making things safer, more secure, and more private for everyone. Digital wallets are available as well, but putting them on one device can be risky. There is the issue of security if a device is misplaced or stolen.

The Android Ready SE Alliance is open to Secure Element (SE) vendors. It's an effort to work together on a special set of open-source, easy-to-use SE applets that work. With the success of StrongBox for SE, a General Availability (GA) version is now available to OEM partners.

StrongBox isn't just for the Android mobile OS. It also applies to WearOS, Android TV, and Android Auto Embedded. The Android dev team has listed the requirements for OEMs. An OEM must do the following:

1.) Pick the appropriate, validated hardware part from their SE vendor.
2.) Enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding.
3.) Work with Google to provision Attestation Keys/Certificates in the SE factory.
4.) Use the GA version of the StrongBox for the SE applet, adapted to their SE.
5.) Integrate HAL code.
6.) Enable an SE upgrade mechanism.
7.) Run CTS/VTS tests for StrongBox to verify that the integration is done correctly.