Google has always treated security as a top priority for the Pixel line of devices, in both the hardware and the software of the phone. With monthly security updates and yearly OS updates rolled out regularly, you can be certain that the Pixel always has the most secure version of Android. Google Play Protect also helps safeguard phones from malware. Even the Pixel 2, released last year, included a dedicated tamper-resistant hardware security module that helps protect the phone’s lock screen and strengthen disk encryption.
This year, with Pixel 3, we’re advancing our investment in secure hardware with Titan M, an enterprise-grade security chip custom built for Pixel 3 to secure your most sensitive on-device data and operating system. With Titan M, we took the best features from the Titan chip used in Google Cloud data centres and tailored them for mobile.
1. Security in the Bootloader
Google has now integrated Titan M into Verified Boot – a secure boot process.
Titan M helps the bootloader—the program that validates and loads Android when the phone turns on—make sure that you’re running the right version of Android. Specifically, Titan M stores the last known safe Android version and prevents “bad actors” from moving your device back to an older, potentially vulnerable, version of Android behind your back. Titan M also blocks attempts by attackers running in Android to unlock the bootloader.
2. Lock Screen Protection & Disk Encryption On-Device
The Pixel 3 also uses Titan M to verify your lock screen passcode. It makes the process of guessing multiple password combinations harder by limiting the number of login attempts, making it difficult for bad actors to unlock your phone. Only upon successful verification of your passcode will Titan M allow for decryption.
In addition, the secure flash and fully independent computation of Titan M make it harder for an attacker to tamper with this process to gain the secrets needed to decrypt your data.
3. Secure Transactions in Third-Party Apps
Titan M is used not only to protect Android and its functionality but also to protect third-party apps and secure sensitive transactions. With Android 9, apps can now take advantage of StrongBox KeyStore APIs to generate and store their private keys in Titan M. The Google Pay team is actively testing out these new APIs to secure transactions.
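As an added illustration (not code from Google or from the original post), this is how an app targeting Android 9 (API 28) or later can ask the Android Keystore to generate a signing key inside StrongBox, fall back when the device has no such chip, and check that the key is hardware-backed. The alias and the function and class names are assumptions made for this example.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyFactory
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.spec.ECGenParameterSpec

// Hypothetical alias chosen for this example.
private const val KEY_ALIAS = "example_txn_signing_key"

/** The generated key pair and whether StrongBox holds the private key. */
data class GeneratedKey(val keyPair: KeyPair, val strongBoxBacked: Boolean)

private fun spec(useStrongBox: Boolean): KeyGenParameterSpec =
    KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
        // EC P-256 with SHA-256 is within the algorithm set StrongBox supports.
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        // Ask for the dedicated security chip rather than the default backing (API 28+).
        .setIsStrongBoxBacked(useStrongBox)
        .build()

fun generateSigningKey(): GeneratedKey {
    val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
    return try {
        kpg.initialize(spec(useStrongBox = true))
        GeneratedKey(kpg.generateKeyPair(), strongBoxBacked = true)
    } catch (e: StrongBoxUnavailableException) {
        // No StrongBox on this device: use the default Keystore backing and
        // report that, so the caller can decide whether it is acceptable.
        kpg.initialize(spec(useStrongBox = false))
        GeneratedKey(kpg.generateKeyPair(), strongBoxBacked = false)
    }
}

/** True if the private key lives in secure hardware (TEE or StrongBox). */
fun isHardwareBacked(keyPair: KeyPair): Boolean {
    val factory = KeyFactory.getInstance(keyPair.private.algorithm, "AndroidKeyStore")
    val info = factory.getKeySpec(keyPair.private, KeyInfo::class.java)
    @Suppress("DEPRECATION") // isInsideSecureHardware is the check available on API 28.
    return info.isInsideSecureHardware
}
```

The private key never leaves the secure hardware; the app only holds a handle that it passes to `Signature` for signing.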
For apps that rely on user interaction to confirm a transaction, Titan M also enables Android 9 Protected Confirmation, an API for protecting the most security-critical operations. As more processes come online and go mobile—like e-voting and P2P money transfers—these APIs can help to ensure that the user (not malware) has confirmed the transaction. Pixel 3 is the first device to ship with this protection.
4. Insider Attack Resistance
Last, but not least, to prevent tampering, Titan M is built with insider attack resistance. The firmware on Titan M will never be updated unless you have entered your passcode, meaning bad actors cannot bypass your lock screen to update the firmware to a malicious version.
With the Pixel 3, we’ve increased our investment in security and put industry-leading hardware features into the device, so you can rest assured that your security and privacy are well protected. In the coming months, the security community will be able to audit Titan through its open-source firmware.