Is Google’s Project Vault the Future of Mobile Security


In light of the recently concluded imbroglio over Apple’s refusal to help the FBI break into an iPhone alleged to have been used by the attacker in the San Bernardino shootings, Peiter Zatko, security expert and engineer formerly at Google’s Advanced Technology and Projects group, called on Google to release Project Vault. Such a move would underline Google’s support for Apple’s position and make mobile security widely available for public consumption.

The technology, which Zatko helped create during his tenure at Google, is essentially a small computer that upgrades mobile devices with an encrypted “digital safe” that secures all communications, ranging from data, messages, video, and voice calls. Two phones, both using a Project Vault device, can communicate securely with each other without fear of snooping by hackers or government entities. The technology was demonstrated last year at a Google I/O developers’ conference in San Francisco. Google also announced that Project Vault could be used to encrypt video and serve as an alternative replacement for passwords

Project Vault very well may be one of the smallest computers ever, fitting into a microSD card the size of a fingernail. Google went with the microSD form factor in order to have more data throughput in order to protect video, and also because it is mobile and provides data storage (4GB’s worth). It features an ARM-based processor running RTOS, short range wireless communications (i.e. NFC, or, near field communications), and an antenna. Project Vault also provides an array of cryptographic services including hashing, batching, signing, and a hardware random number generator.

Regina Dugan, head of Google’s Advanced Technology and Projects group, described it as “your digital mobile safe” as the name would suggest, and announced that Project Vault would first be tested with and disseminated to businesses and corporations. Many industries, ranging from healthcare to finance, rely on secure communication and reliable encryption of data. Beyond that, Dugan also noted that Google had been testing the technology with over 500 devices internally.

Getting past encryptions in Facebook’s WhatsApp and Apple’s iMessage service have frustrated authorities in the past, who have sought to access messaging and communications. Because Project Vault instantly upgrades the device it is installed into, and because the digital keys and code used to store all communications and data never leaves the microSD card, it is likely to render devices even more inaccessible and unhackable than conventional apps such as WhatsApp and iMessage.

While Google has yet to release the device, it has already released some of the code and documentation for Project Vault’s hardware and software online. Google also released a software development kit for Vault at the developers’ conference and called on developers to build creative applications for it. Because Project Vault is open source, some large companies such as financial institutions may already be experimenting with the parts that have been released in order to improve their security and fraud-prevention, according to Tom Simonite of the MIT Technology Review. What makes it so easy to work with is that it essentially functions as a generic storage device with a file system and is compatible with any OS, including Android, Windows, OS X, and Linux.

Scroll to Top