Google Details How Its Titan M Security Chip Locks Down And Encrypts Pixel 3 Phones

Pixel 3 Phones
One aspect of smartphones that largely gets overlooked is security. For many consumers, the technical details surrounding stronger encryption just isn't as interesting as advancements in camera technology and other prominent features. For those who do care to know more, however, Google wrote a blog post describing its Titan M chip that is the backbone of security for its recently launched Pixel 3 and Pixel 3 XL handsets.

"Last year on Pixel 2, we also included a dedicated tamper-resistant hardware security module to protect your lock screen and strengthen disk encryption. This year, with Pixel 3, we’re advancing our investment in secure hardware with Titan M, an enterprise-grade security chip custom built for Pixel 3 to secure your most sensitive on-device data and operating system. With Titan M, we took the best features from the Titan chip used in Google Cloud data centers and tailored it for mobile," Google explains.

Titan M

That tiny chip offers a range of features that help keep Pixel 3 devices locked down. One of the features of Titan M is security in the bootloader. Google integrated Titan M into Verified Boot, which is Google's secure boot process, to ensure that users are running the correct version of Android (as opposed to one that has been tampered with and is potentially malicious).

"Specifically, Titan M stores the last known safe Android version and prevents “bad actors” from moving your device back to run on an older, potentially vulnerable, version of Android behind your back. Titan M also prevents attackers running in Android attempting to unlock the bootloader," Google says.

Securing the bootloader is just the tip of the iceberg. Titan M serves to verify the lock screen passcode and prevent brute force attacks, it protects third-party apps and sensitive transactions a user might make with their smartphone, and is built with "insider attack resistance."

"The firmware on Titan M will never be updated unless you have entered your passcode, meaning bad actors cannot bypass your lock screen to update the firmware to a malicious version," Google adds.

For those who want to know more about Titan in general, Google took a deeper dive into the purpose-built security chip in an older, separate blog post. Not all of the features discussed there are relevant to the mobile port, but it's nice to see Google taking security as serious as it does. As for consumer privacy? Well, that's a topic for another day.