thehackernews.com 5/6/2026, 10:01:29 AM

Google's Android Apps Get Public Verification to Stop Supply Chain Attacks

Primary Source blog.google

Google has announced expanded Binary Transparency for Android to counter binary supply chain attacks, with production Android applications released after 1 May 2026 carrying a cryptographic entry confirming their authenticity. The public ledger is intended to ensure that the Google apps on devices are exactly what was built and distributed, building on Pixel Binary Transparency, first introduced in 2021 to bolster software integrity.

The verifiable security framework mirrors Certificate Transparency, recording metadata about official factory images in a public, append-only log to help detect mis-issued or malicious binaries. Google says this provides a transparent Source of Truth that allows anyone to verify that the Google software on their Android device is production software and not modified by an attacker, and that any attempt to deploy a one-off version will be detectable.

The initiative currently includes production Google applications and Mainline OS modules, with verification tooling made available to users and researchers at the provided GitHub repository. According to Google, this expands the ability to detect and deter unauthorized binary releases by providing a certificate of intent alongside traditional digital signatures.

Article by CyberSIXT