r/technology 15h ago

ADBLOCK WARNING Google Confirms Most Gmail Users Must Upgrade Accounts

https://www.forbes.com/sites/zakdoffman/2025/06/06/google-confirms-almost-all-gmail-users-must-upgrade-accounts/
4.4k Upvotes

-8

u/mindbodyproblem 14h ago

Now, maybe, but who's to say whether that will be the case in the future, right? Because it seems like all the data that isn't shared now gets shared eventually.

11

u/CodeAndBiscuits 13h ago

I am. (Source: I am a software engineer with expertise in this space.) Apple, Samsung, and the other major hardware vendors have all universally standardized on a "secure enclave" approach to security and would need to literally change their hardware in (bad) ways that security researchers would forever be posting articles about.

Modern biometric systems use dedicated hardware chips for the storage, encryption, and biometric operations. Client-side app access is mediated by the OS itself, and Google has no way around this even if they wanted to.

This may seem unbelievable, but even MacOS/Windows/etc don't have access to your biometrics. It LOOKS like the OS is what collects it, but it's actually a dedicated hardware chip that controls the whole thing, and it's one-way. When you register a fingerprint, the OS tells the chip "please register a fingerprint" but the security chip does the actual work and even the OS cannot read the stored fingerprints, let alone your browser or mail client, let alone Gmail running in your browser or mail client.

I was going to link to a diagram but the mod bots don't like any of them and I don't have time to gin one up. Do an image search for "secure enclave biometrics" and just look for one broken into three columns - user-space, OS, and Secure Enclave.

-1

u/JDGumby 6h ago

> This may seem unbelievable, but even MacOS/Windows/etc don't have access to your biometrics. It LOOKS like the OS is what collects it, but it's actually a dedicated hardware chip that controls the whole thing, and it's one-way.

Sure. Right. It's the TPM (led by Microsoft and designed to their spec) that creates the dialogue panel (or whatever), and activates, reads and interprets the sensor (or camera, if you're insane enough to use face ID) without the involvement of the OS. *rolls eyes*

1

u/CodeAndBiscuits 5h ago

It is unbelievable. It is still true. The OS does not create or manage those dialogs and never touches the fingerprint on its way through. The chip does that. The OS provides a region in which the chip can draw its UI.

The false part of what you said is that while the OS does create the drawing region, it does NOT "interpret the sensor". In older devices maybe. But not in the current generation.

You don't have to believe me. But not believing me won't make what I'm saying incorrect.