One of the highlight features of the Google Pixel 3 and Pixel 3 XL is the Titan M, a chip that gives Google's new flagship phones added security. Today Google shared some details on exactly how the Titan M secures the new Pixel devices.
Titan M has been integrated into Verified Boot, Google's secure boot process, helping the bootloader to make sure that you're running the correct version of Android. Specifically, it makes sure that you're on the latest safe version of Android, preventing malicious parties from moving you back to an older, more vulnerable version of Android. Titan M also prevents attackers from trying to unlock your phone's bootloader.
The Pixel 3 and Pixel 3 XL also use Titan M by verifying your lock screen password and limiting the number of login attempts. The Titan M's secure flash and fully independent computation make it harder for an attacker to tamper with the login process, too.
Using its insider attack resistance, Titan M will never be updated without you entering your passcode. This means that malicious parties can't bypass your lock screen to update your phone's firmware to a vulnerable or malicious version.
Finally, Titan M can be used to protect third-party apps and sensitive transactions. With Android 9 Pie, apps can use StrongBox KeyStore APIs to generate and store private keys in Titan M. The Google Pay team is also working on using these APIs to secure transactions. And for apps that require user interaction to confirm a transaction, Titan M enables the Android 9 Protected Confirmation API to ensure that you've confirmed a transaction and not malware.
Smartphones are extremely important to many people, as they can be a person's main form of communication, help someone stay connected to the world around them, and store a lot of personal data. Because of this, there are a lot of malicious parties out there that want to hack into a person's phone and do bad things with the data inside. The Titan M should make that harder when it comes to the Pixel 3 and Pixel 3 XL, and it's good to see Google making it a focus to help protect their users' data.
