Google’s ATAP team has unveiled a device that looks like an ordinary microSD card. But Project Vault is actually a tiny computer that can add security features to just about any phone, tablet, or computer, allowing you to protect important files and communication.


Well, almost any of those devices… it’s a little funny that Google built Project Vault into a microSD cars, when the Google nexus line of phones and tablets are kind of notorious for not having microSD card slots. Maybe that’ll change in the future though… Android M does have enhanced support for removable storage, allowing you to “adopt” a microSD card and treat it like local storage.

The Project Vault prototype includes a low-power ARM processor, an NFC chip, 4GB of storage, and a real-time operating system. Google has already begun testing the system with 500 units that the company is using within the company, and the goal is to launch Project Vault initially as an enterprise product which may eventually be made available to individuals.

Since the system is basically a microSD card, you can slide it into any device that has a microSD port… and it’ll show up as a removable drive.

But once it’s connected, it can also encrypt your data. In a demo at Google I/O, Google showed two phones with Project Vault cards sending messages to one another over a remote server. The phones were able to view the messages with no problems, but all the remote chat server saw was cypher text.

That’s because Project Vault handles all of the hashing, signing, and other cryptographic operations. Not even the operating system on your phone has access to your private key or other data.

In fact, your phone, tablet, or PC won’t even know Project Vault is there: everything happens on the Vault itself, which allows it to work with just about any operating system including Android, Windows, Linux, or other platforms.

Google has already released the source for both the Project Vault software and for developer kit hardware. Even the OpenRISC1200 processor for the dev kit is open source.



Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign


Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,533 other subscribers

10 replies on “Google’s Project Vault is a security system on a microSD card”

  1. Looks like an idea whose time has come (seen a fair few security products announced in this form factor, including some FIPS certified) – but ironically, increasing numbers of the high end phones now lack a µSD slot. Still, I expect a otg variant would work too.

  2. It seems very similar to the SecFone’s solution which is already on the market and presented on some exhibitions in the last years..

    1. Why? Is he an expert on microSD-based security devices, or something?

      The whole project (hardware and software) is open source. There are tens of thousands people more qualified than Snowden (even in the security biz) when it comes to assessing this project.

      1. Could you explain how the fact that it is open hardware/software helps in any way? Even if you verify the source and the hardware schematics yourself and confirm they are sane/secure, how exactly do you plan to confirm that the actual hardware device in your hand uses those exact schematics and source? Do you plan to build your own (from scratch)?

        The fact that it’s open source doesn’t mean much when it comes to security – unless you trust that what you’ve been sold is the result of loading the open source software you’ve verified onto hardware created from the open source schematics you’ve verified. Everyone else will just have to trust Google with it .

  3. “it’s a little funny that Google built Project Vault into a microSD cars, when the Google nexus line of phones and tablets are kind of notorious for not having microSD card slots.” Could signal an about face, but would any of that memory be user accessable?

  4. This is a pretty cool idea, I hope it gets some traction beyond google.

  5. so, does that mean that I can use files stored on microSD cards again, like in Gingerbread?

    1. Depending on your device, you still can. My Samsung S4 w/ Lolipop 5.0 works with a microSD card.

Comments are closed.