In August 2023, Meta engaged NCC Group’s Cryptography Services practice to perform an implementation review of their Auditable Key Directory (AKD) library, which provides an append-only directory of public keys mapped to user accounts and a framework for efficient cryptographic validation of this directory by an auditor. The library is being leveraged to provide an AKD for WhatsApp and is meant to serve as a reference implementation for auditors of the WhatsApp AKD, as well as to allow other similar services to implement key transparency. The review was performed remotely by 3 consultants over a two-week period with a total of 20 person-days spent. The project concluded with a retest phase a few weeks after the original engagement that confirmed all findings were fixed.

During the winter of 2022, Google engaged NCC Group to conduct an in-depth security review of the Aggregation Service, part of Google’s Privacy Sandbox initiative. Google describes the Aggregation Service as follows:

The Privacy Sandbox initiative aims to create technologies that both protect people’s privacy online and give companies and developers tools to build thriving digital businesses. The Privacy Sandbox reduces cross-site and cross-app tracking while helping to keep online content and services free for all. One of the proposed solutions within the initiative is the Aggregation Service. The goal of this service is to allow ad tech to generate summary reports, which include aggregated measurement data on user’s behavior collected by other Privacy Sandbox APIs; these APIs allow ad techs to collect aggregatable reports from clients. The aggregation service decrypts and combines the collected data from the aggregatable reports, adds noise, and returns a summary report. This service runs in a trusted execution environment (TEE), which is deployed on a cloud service that supports necessary security measures to protect this data. This approach is designed to provide a balance between protecting user privacy and meeting the needs of the advertising industry.

NCC Group’s evaluation included the following components:

• Web Services Assessment, which consists of dynamic testing and code review of the final design and deployment of the Privacy Sandbox Aggregation Service from the perspective of an external attacker.
• Architecture Design Review, which consists of a review of the final design of the Privacy Sandbox Aggregation Service.
• Cryptography Design and Implementation Review, which consists of a comprehensive review of the cryptography implementation for the Aggregation Service and split key features.
• Holistic Attacker-Modeled Pentest, which consists of a holistic review of the final design and implementation of the Privacy Sandbox Aggregation Service from the perspective of a malicious ad tech firm.

In spring 2023, NCC Group completed a retest on a series of fixes proposed by Google, and found that they effectively addressed all findings documented in this report.

The public report for this review may be downloaded below: