Google System Services APK Transparency Log
Stay organized with collections
Save and categorize content based on your preferences.
The Google System Services APK Transparency Log leverages transparency log
technology.
The utilities of transparency logs have been proven by projects such as
Pixel Binary Transparency and also
Certificate Transparency.
Transparency logs are implemented with Merkle trees. This page assumes general
knowledge of Merkle trees and binary transparency. See
Verifiable Data Structures
for an overview of Merkle trees and the main page for an overview
of binary transparency effort within Android.
Log Implementation
The Google System Services APK Transparency Log is implemented as a
tile-based Merkle tree. The root
of the tile contents are served at
https://developers.google.com/android/binary_transparency/google1p/tile/. Note
that this is not a regular web page: the log entries contained in its
subdirectories should be read programmatically with the Golang SumDB
Tlog library
and not through a browser. We state the link here for clarity.
Refer to Log Content for a description of what each
entry contains.
The Merkle tree root hash of a log, contained in a checkpoint, is served
at https://developers.google.com/android/binary_transparency/google1p/checkpoint.txt
in the
checkpoint format.
The leaves of this Merkle tree are served at
https://developers.google.com/android/binary_transparency/google1p/package_info.txt.
The signature of the checkpoint can be verified with the public key described in
the following certificate.
-----BEGIN CERTIFICATE-----
MIICPzCCAeWgAwIBAgIUAV4UWNut89Vj0EIwMTUlOYclCMMwCgYIKoZIzj0EAwIw
dDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v
dW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSBJbmMuMRAwDgYDVQQLDAdBbmRy
b2lkMRAwDgYDVQQDDAdBbmRyb2lkMCAXDTI0MDkyNTIzNTYwOVoYDzIwNTQwOTE4
MjM1NjA5WjB0MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
A1UEBwwNTW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNV
BAsMB0FuZHJvaWQxEDAOBgNVBAMMB0FuZHJvaWQwWTATBgcqhkjOPQIBBggqhkjO
PQMBBwNCAASofcYuVig/lsWwIfwMfLk22mMltFDDd8k1IBNKajw6VdQynSh7XapH
Ace10/uT1ceUmwJinyOPR1Bpj431+18vo1MwUTAdBgNVHQ4EFgQUwHSDZ/iAB8Go
Rt1oDkVktxyizhYwHwYDVR0jBBgwFoAUwHSDZ/iAB8GoRt1oDkVktxyizhYwDwYD
VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEAleFB+Arfv1KW0r6TbSEX
EfvBnJMPqRNAIVPd8LrVhw0CIAX56Txqs8H5XWdMoNF21w8Z0PmUNvLLtZtM+25O
wjq8
-----END CERTIFICATE-----
The same public key can also be found in Android Security's PGP public key block
at https://services.google.com/corporate/publickey.txt,
identified by CFAB31BE8DD7AC42FC721980ECA5C68599F17322 if you prefer PGP.
The verification page describes in more detail how the
various components of the log are used to verify the claims made in the
Claimant Model.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-04-24 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-24 UTC."],[[["\u003cp\u003eThe Google System APK Transparency Log uses transparency log technology, similar to Pixel Binary Transparency and Certificate Transparency, for enhanced security.\u003c/p\u003e\n"],["\u003cp\u003eThe log leverages a tile-based Merkle tree structure for efficient data organization and verification, accessible programmatically via the Golang SumDB Tlog library.\u003c/p\u003e\n"],["\u003cp\u003eEach log entry details specific information about system APKs, further outlined in the Log Content section linked on the page.\u003c/p\u003e\n"],["\u003cp\u003eA checkpoint file containing the Merkle tree root hash is regularly updated and signed, ensuring the integrity of the log's data and enabling verification using the provided certificate or PGP key.\u003c/p\u003e\n"],["\u003cp\u003eThe verification process, detailed on a separate page, utilizes various log components to validate claims related to system APKs based on the described Claimant Model.\u003c/p\u003e\n"]]],["The Google System APK Transparency Log uses a tile-based Merkle tree, with the root served at a specific URL, accessible programmatically via the Golang SumDB Tlog library. A Merkle tree root hash, contained in a checkpoint, is served at another URL in a specified format. Merkle tree leaves are also served at their specific url. The checkpoint's signature can be verified using a public key provided in a certificate or through Android Security's PGP public key. The log's components enable verification of claims made in the Claimant Model.\n"],null,["The Google System Services APK Transparency Log leverages transparency log\ntechnology.\n\nThe utilities of transparency logs have been proven by projects such as\n[Pixel Binary Transparency](../pixel_tech_details) and also\n[Certificate Transparency](https://certificate.transparency.dev/).\n\nTransparency logs are implemented with Merkle trees. This page assumes general\nknowledge of Merkle trees and binary transparency. See\n[Verifiable Data Structures](https://transparency.dev/verifiable-data-structures/#verifiable-log)\nfor an overview of Merkle trees and the [main page](../overview) for an overview\nof binary transparency effort within Android.\n\nLog Implementation\n\nThe Google System Services APK Transparency Log is implemented as a\n[tile-based Merkle tree](https://research.swtch.com/tlog#tiling_a_log). The root\nof the tile contents are served at\n`https://developers.google.com/android/binary_transparency/google1p/tile/`. Note\nthat this is **not** a regular web page: the log entries contained in its\nsubdirectories should be read programmatically with the Golang SumDB\n[Tlog library](https://pkg.go.dev/golang.org/x/mod/sumdb/tlog)\nand not through a browser. We state the link here for clarity.\n\nRefer to [Log Content](/android/binary_transparency/google1p/overview#log_content) for a description of what each\nentry contains.\n\nThe Merkle tree root hash of a log, contained in a *checkpoint* , is served\nat \u003chttps://developers.google.com/android/binary_transparency/google1p/checkpoint.txt\u003e\nin the\n[checkpoint format](https://github.com/transparency-dev/formats/blob/main/log/README.md#checkpoint-format).\nThe leaves of this Merkle tree are served at\n\u003chttps://developers.google.com/android/binary_transparency/google1p/package_info.txt\u003e.\nThe signature of the checkpoint can be verified with the public key described in\nthe following certificate. \n\n -----BEGIN CERTIFICATE-----\n MIICPzCCAeWgAwIBAgIUAV4UWNut89Vj0EIwMTUlOYclCMMwCgYIKoZIzj0EAwIw\n dDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v\n dW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSBJbmMuMRAwDgYDVQQLDAdBbmRy\n b2lkMRAwDgYDVQQDDAdBbmRyb2lkMCAXDTI0MDkyNTIzNTYwOVoYDzIwNTQwOTE4\n MjM1NjA5WjB0MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n A1UEBwwNTW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNV\n BAsMB0FuZHJvaWQxEDAOBgNVBAMMB0FuZHJvaWQwWTATBgcqhkjOPQIBBggqhkjO\n PQMBBwNCAASofcYuVig/lsWwIfwMfLk22mMltFDDd8k1IBNKajw6VdQynSh7XapH\n Ace10/uT1ceUmwJinyOPR1Bpj431+18vo1MwUTAdBgNVHQ4EFgQUwHSDZ/iAB8Go\n Rt1oDkVktxyizhYwHwYDVR0jBBgwFoAUwHSDZ/iAB8GoRt1oDkVktxyizhYwDwYD\n VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEAleFB+Arfv1KW0r6TbSEX\n EfvBnJMPqRNAIVPd8LrVhw0CIAX56Txqs8H5XWdMoNF21w8Z0PmUNvLLtZtM+25O\n wjq8\n -----END CERTIFICATE-----\n\nThe same public key can also be found in Android Security's PGP public key block\nat \u003chttps://services.google.com/corporate/publickey.txt\u003e,\nidentified by `CFAB31BE8DD7AC42FC721980ECA5C68599F17322` if you prefer PGP.\n\nThe [verification page](/android/binary_transparency/google1p/verification_details) describes in more detail how the\nvarious components of the log are used to verify the claims made in the\n[Claimant Model](/android/binary_transparency/google1p/overview#claimant_model)."]]