(It's just called something else.)
Historically Android has been lagging behind a bit from iOS devices when it comes to security, but Pixels and their software have a very similar security model and design (with some exceptions - less granularity with file-based encryption and some other mostly minor details).
Non Google devices however are usually significantly less secure - not so much due to Android design, as due to manufacturers deliberately disabling Android's security featuers (e.g. only Pixel actually uses dm-verity at this moment if I remember correctly), refusing to update them, building devices with bad trustzone drivers... etc.
If you keep to the 1st party (Google-branded) devices like in iOS world, you're mostly ok.
Could it be the case that Apple is leveraging TrustZone but with a customized L4 kernel? Or is it confirmed that the Secure Enclave is a custom IC designed by Apple? I wouldn't be surprised if it's the former as it becomes much cheaper to implement the required security features.
Edit: Check out this previous discussion on this exact topic: https://news.ycombinator.com/item?id=8410700
By default no SW runs on HW. "Mobicore" (now called "Kinibi" from Trustonic) is based on L4.
No, 2012 was when Trustonic was formed from competing TEE vendors: ARM, Gemalto, and Giesecke & Devrient.
TrustZone has been around since before that. TI OMAP were front-runners of using it.
Yeah, nation state level attacks will still work, especially if they have the phone. But with Android it's not nation state level. It's corporate level and maybe less if they have the phone.
I know of another similar implementation that's used by Microsemi for their FPGA-based secure boot process. They claim to protect the initial AES key transmission using an "obfuscated" crypto library that is sent to the processor over SPI on boot. Also, I wonder if Apple exchanges a nonce during the setup to prevent replay attacks?
: It's a C/C++ library called WhiteboxCRYPTO. There is a whitepaper (http://soc.microsemi.com/interact/default.aspx?p=E464), but AFAIK the gist of their argument is that the code and keys are sufficiently obfuscated to prevent reverse engineering (typical marketing-speak).
I still downvoted izacus because it was an uncharitable fanboy rambling. The charitable interpretation would be that the walled garden (in regards to the enclave) is a side effect of their implementation, and not the intention.
But to me, they seem to be trying to find a moderate level of security with a profitable cost of goods. It doesn't seem that their heart is in it the way Apple's is with the Enclave. iOS is still breakable at the nation state level but well that's quite a high bar. Nation states are breakable at the nation state level.
 - https://developer.android.com/about/dashboards/index.html#Pl...
iPhones are typically supported for 4 years.
The latter is important: at the end of the day, software can only be as secure as the hardware on which it is installed. For example if someone can tamper with the hardware random number generator then your crypto becomes compromised.