While there's nothing radically different in the Google Pixel 3 and the Pixel 3 XL, Google has made additions that make the flagship phones more robust and secure. Privacy is something the company takes seriously and the Pixel 3 phones come with Google's proprietary Titan M chip built-in. The chip, Google claimed at the launch, makes the phone more secure preventing bad actors to take control of your data. Now, in a recent blog post on Keyword, Google outlined exactly how the Titan M chip helps in keeping things safe and secure.
The Titan M coprocessor in the Pixel 3 phones is related to Titan chips that Google uses in its data centers to keep them secure. Primarily, the custom chip ensures the phone boots an operating system that hasn't been tampered with by bad actors like malware. Google also cryptographically signed off the chip.
The Pixel 3 phones have a 'verified boot' mechanism which checks if you're running the right version of Android. That mechanism is powered by the custom Titan M chip. The chip keeps a record of the last known safe Android version. It also blocks hackers and malware from downgrading to an older version to exploit security loopholes present in them. In case the phone is infected by a malware, the chip stops the malicious code from unlocking the bootloader and change root-level codes.
The Titan M is based on an ARM Cortex-M3 processor and also helps in keeping the lockscreen secure. Pixel 3 phones (and most Android phones are encrypted) the moment you turn off your screen. The Titan M chip on the Pixel 3 takes things up a notch by enforcing login attempt limits. It also lets the system decrypt if the passcode is verified. As a result, if you forget your passcode, there’s very you can do to recover it.
Google also noted that the Titan M keeps important information like authentication info, payment transaction info, etc. in a secure enclave. The chip itself is kept physically away from the main chipset. That brings down the chances of data getting compromised through side channels. Android 9 comes with StrongBox KeyStore APIs that relies on the Titan M to store private keys of users. Further, there’s a Protected Confirmation API that “help to ensure the user (not malware) has confirmed a transaction.”
The Titan M chip itself is kept secure with a passcode that is set by the user. Without the valid code, the chip’s firmware cannot be updated. As a result, even if the lock screen is bypassed, malicious firmware cannot be installed on the chip, at least in theory.
Google will make the source code of the Titan M firmware public sometime in the future for developers to play with.
The Pixel 3 phones, as a result, seems to be just as secure as the Apple iPhones that also feature a secure enclave in the chip that keeps private keys like transaction info, passwords, etc. sandboxed in a separate unit. Samsung’s flagship devices like the Galaxy Note 9 also feature Knox that mostly do the same thing. Then there are the Blackberry devices that are considered one of the most secure smartphones to use.
Most of Google’s rivals in the smartphone industry, especially the popular flagship phone makers are vying for a larger chunk of the enterprise market. By ensuring hardware-level security for the Pixel 3 phones, Google is pushing for a wider adoption of the Pixel 3 phones in the enterprise segment.