Titan M inherits some of the features used in Google Cloud data centers, tailored for mobile.
To protect Android from outside tampering, Google has integrated Titan M into Verified Boot, its secure boot process.
Titan M helps the bootloader-the program that validates and loads Android when the phone turns on-make sure that you're running the right version of Android. Specifically, Titan M stores the last known safe Android version and prevents "bad actors" from moving your device back to run on an older, potentially vulnerable, version of Android behind your back. Titan M also prevents attackers running in Android attempting to unlock the bootloader.
Google's Pixel 3 also uses Titan M to verify your lock screen passcode. It makes the process of guessing multiple password combinations harder by limiting the amount of logon attempts, making it difficult for bad actors to unlock your phone. Only upon successful verification of your passcode will Titan M allow for decryption.
In addition, the secure flash and fully independent computation of Titan M makes it harder for an attacker to tamper with this process to gain the secrets to decrypt your data.
Titan M is used not only to protect Android and its functionality, but also to protect third-party apps and secure sensitive transactions. With Android 9, apps can take advantage of StrongBox KeyStore APIs to generate and store their private keys in Titan M. The Google Pay team is testing out these new APIs to secure transactions.
For apps that rely on user interaction to confirm a transaction, Titan M also enables Android 9 Protected Confirmation, an API for protecting the most security-critical operations. As more processes come online and go mobile-like e-voting, and P2P money transfers-these APIs can help to ensure that the user (not malware) has confirmed the transaction.
To prevent tampering, Titan M is built with insider attack resistance. The firmware on Titan M will never be updated unless you have entered your passcode, meaning bad actors cannot bypass your lock screen to update the firmware to a malicious version.