Google today shared some of the first details backing up its claim that the Pixel 3 is its “most secure phone yet,” following up on the detail it shared during the recent Pixel 3 event in New York about those new flagship phones being its first to get the company’s Titan M security chip.
That chip, Google explains in a blog post today, is an enterprise-grade security chip custom-built for the Pixel 3. With it, Android Security Team member Xiaowen Xin explains in the post, Google took the best features from the Titan chip used in the company’s Google Cloud data centers and tailored them for mobile. What’s more, as a CNET report notes, the Titan M chip is a dedicated chip of Google’s own making — not part of the Qualcomm Snapdragon 845 processor, which already boasts an assortment of security features.
“Here are a few ways Titan M protects your phone,” Xin explains in the post. “First, to protect Android from outside tampering, we’ve integrated Titan M into Verified Boot, our secure boot process.
“Titan M helps the bootloader — the program that validates and loads Android when the phone turns on — make sure that you’re running the right version of Android. Specifically, Titan M stores the last known safe Android version and prevents ‘bad actors’ from moving your device back to run on an older, potentially vulnerable, version of Android behind your back. Titan M also prevents attackers running in Android attempting to unlock the bootloader.”
The Titan M is also used by the Pixel 3 to verify your lock screen passcode and limit the number of log-in attempts. Once the passcode has been verified, the Titan M allows for decryption, and the secure flash and fully independent computation of Titan M, Xin’s post adds, also make it harder for an attacker to tamper with the process to learn what they need to decrypt your data.
Another key point: The Pixel 3 also uses the chip to protect third-party apps and secure sensitive transactions. Xin explains that with Android 9, apps can now take advantage of StrongBox KeyStore APIs to generate and store private keys in Titan M. “The Google Pay team,” according to the post, “is actively testing out these new APIs to secure transactions.” For apps that rely on user interaction to confirm a transaction, meanwhile, Titan M enables Android 9 Protected Confirmation, making the Pixel 3 the first device, according to Google, to ship with this protection.
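For developers wondering what the StrongBox KeyStore APIs look like in practice, here is an added example (not code from Google's post or from this article) that asks Android 9 (API level 28) to create a signing key inside StrongBox and reports whether that actually happened. The class name, method names and key alias are hypothetical.

```java
// Added illustration; StrongBoxKeys, generateSigningKey and the alias are hypothetical names.
import android.content.Context;
import android.content.pm.PackageManager;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;

import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.ECGenParameterSpec;

public final class StrongBoxKeys {
    private static final String KEYSTORE = "AndroidKeyStore";
    /** The key pair plus whether it was created inside StrongBox. */
    public static final class Result {
        public final KeyPair keyPair;
        public final boolean strongBoxBacked;
        Result(KeyPair kp, boolean sb) { keyPair = kp; strongBoxBacked = sb; }
    }

    public static Result generateSigningKey(Context ctx, String alias)
            throws GeneralSecurityException {
        boolean advertised = ctx.getPackageManager()
                .hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE);
        if (advertised) {
            try {
                return new Result(generate(alias, true), true);
            } catch (StrongBoxUnavailableException e) {
                // Feature advertised but the request was refused; use the default keystore.
            }
        }
        return new Result(generate(alias, false), false);
    }

    private static KeyPair generate(String alias, boolean strongBox)
            throws GeneralSecurityException {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setIsStrongBoxBacked(strongBox) // private key never leaves the secure chip
                .build();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, KEYSTORE);
        kpg.initialize(spec);
        return kpg.generateKeyPair();
    }
}
```

An app with strict requirements can treat `strongBoxBacked == false` as a reason to refuse the operation rather than silently accepting the fallback key.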
Finally, Google also built Titan M with “insider attack resistance,” meaning the firmware can’t be updated unless you’ve entered your passcode, leaving bad actors trying to bypass the lock screen out of luck.
We were certainly intrigued upon getting the first word about the chip, going so far as to regard it as possibly even more exciting than the camera processor and maybe even lacking a rival of any kind on computing devices. “With the Pixel 3,” Xin’s post today concludes about the phone that goes on sale in the US tomorrow, “we’ve increased our investment in security and put industry-leading hardware features into the device, so you can rest assured that your security and privacy are well protected.”