Apple’s Secure Enclave set a security precedent for Android smartphones

Apple’s Secure Enclave set a precedent in smartphone security that has so far been followed by many Android brands.

A new research study found that Huawei, Samsung, Xiaomi, OnePlus, Vivo, LG, Oppo, and Sony all now have models with equivalent embedded hardware security features…

Counterpoint Research said that most phones model their hardware security after the Secure Enclave, while Samsung and Google take slightly different approaches to achieve the same end result.

Sales of smartphones with embedded hardware security (secure smartphones) grew 39% year-on-year (YoY) in 2019, according to the latest research from Counterpoint’s IoT Security Service. Systems based on a secure element accounted for 89% of shipments, while those with a PUF represented 10% of secure smartphone sales in 2019 […]

Samsung implements a physically unclonable function (PUF), that serves as a unique identifier in the Exynos 9820 and 9825. Where Google takes a different approach by implementing a TPM (Trust Platform Module), a miniature version of a hardware security module (HSM) soldered into the PCBs of its Pixel series smartphones.

The Secure Enclave is a specific part of an A-Series chip used to store especially sensitive information. It is used to store the device passcode and biometric data, for Face ID or Touch ID, as well as Apple Pay data. Crucially, iOS itself cannot directly access data stored in the secure enclave, so even if malware could make its way onto an iPhone, it would have no access to the data.

When you enter your passcode, for example, iOS has no idea whether it is correct. It instead passes the code you entered to the Secure Enclave that checks it against the encrypted version stored there, and then passes back a simple Yes or No to iOS. Exactly the same thing happens with Face ID and Touch ID: the actual checking is carried out within the Secure Enclave, and iOS just gets the OK or not.

Counterpoint notes that many smartphone brands get the feature because it’s embedded into the Qualcomm System on a Chip (SoC) used by many Android brands.

Counterpoint Research Vice President, Research, Neil Shah, noted:

The secure element is a coprocessor within the SoC that assures tamper-resistance and is capable of securely hosting applications. From the iPhone 5s onwards, Apple has been embedding a secure enclave (eSE) provided by the Global Platform. The communication within the secure enclave and application processor is isolated, which secures data from malware attacks. Huawei also implemented an integrated secure element (inSE) on its SoCs, the HiSilicon Kirin 960, 970, 980, 990, and 710. Qualcomm has adopted the secure element as a secure processing unit (SPU) in the Snapdragon 845, 855, and 855+, which enables brands like Xiaomi, OnePlus, Oppo, Vivo, LG, Sony, Samsung, and Google to implement hardware embedded security in its premium smartphones.