Google has bragged about its Pixel 3 phones' custom Titan M security chip, but... what is it doing, exactly? The company is happy to explain. It posted a summary explaining the core of what Titan M does, and it's clear the part is at once a watchdog and a safekeeping box. The chip is tied into Android's secure boot process and saves the last known-safe Android version to prevent attackers from rolling you back to an insecure firmware version. It also blocks attempts to unlock the bootloader (and thus run whatever firmware they like) from within Android, and they can't update your firmware unless you've entered your passcode.
The new hardware also verifies the lock screen passcode and limits the number of sign-in attempts to prevent brute force attacks. The independence of the chip and its protected flash memory make it difficult to meddle with the process, Google said. Apps that use Google's StrongBox KeyStore framework can also generate and store transaction keys in the secure hardware, and protected confirmation ensures that you're the one who authorized a payment. The Google Pay team is "actively testing" the prospect of using these software kits (and thus Titan M) to secure its own transactions.
It's not certain just how well the Titan M will safeguard devices in practice, and the boot protections might raise concerns among enthusiasts hoping to install custom ROMs. How difficult will that be? With that said, Google isn't targeting the hardcore Android fan with this security component. It's more for workers and anyone else who demands strong security above all else.