Skip to main content

Google details how its Titan M chip makes the Pixel 3 so secure

Google’s Pixel 3 doesn’t completely overhaul the company’s flagship smartphone, but it includes a lot of welcome upgrades. One of those is the new Titan M security chip which is built into the device. Now, Google is detailing a few ways in which that chip makes the Pixel 3 its most secure smartphone to date.

In a post on The Keyword, Google sheds some new light on how the Titan M security chip, which is noted in a recent teardown, is used to make the Pixel 3 and Pixel 3 XL more secure smartphones. The first way is by integrating the chip into the Verified Boot process on these devices. This functionality in itself has been around since Android Oreo with “Rollback Protection.”

Essentially, the idea is to keep “bad actors” from moving users back to older, less secure versions of Android behind the user’s back. With Titan M, the process is even harder, and it prevents attackers from attempting to unlock the bootloader as well.

Titan M helps the bootloader—the program that validates and loads Android when the phone turns on—make sure that you’re running the right version of Android. Specifically, Titan M stores the last known safe Android version and prevents “bad actors” from moving your device back to run on an older, potentially vulnerable, version of Android behind your back. Titan M also prevents attackers running in Android attempting to unlock the bootloader.

Further, Google’s new chip secures the Pixel 3 by integrating it in the unlocking process. By moving the data required for this process to secure flash storage independent of the rest of the phone, it makes it harder for an attacker to tamper with or decrypt this data. Google also mentions that the Titan M is built with “insider attack resistance” which prevents the firmware on the chip from being updated without the user’s passcode.

Pixel 3 also uses Titan M to verify your lock screen passcode. It makes the process of guessing multiple  password combinations harder by limiting the amount of logon attempts, making it difficult for bad actors to unlock your phone. Only upon successful verification of your passcode will Titan M allow for decryption.

In addition, the secure flash and fully independent computation of Titan M makes it harder for an attacker to tamper with this process to gain the secrets to decrypt your data.

Thanks to this new chipset, Google’s Pixel 3 is also the first phone to ship with “Protected Confirmation.” This uses a series of APIs within Android 9 Pie to secure sensitive transactions, generating and storing private keys within the Titan M chipset. Google Pay is actively working on taking advantage of this functionality.

For apps that rely on user interaction to confirm a transaction, Titan M also enables Android 9 Protected Confirmation, an API for protecting the most security-critical operations. As more processes come online and go mobile—like e-voting, and P2P money transfers—these APIs can help to ensure that the user (not malware) has confirmed the transaction. Pixel 3 is the first device to ship with this protection.

More on Google Pixel 3:


Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel