With the Pixel 6 and Pixel 6 Pro, Google introduced the most secure Pixel phone yet. According to them, this is the result of their research into security updates and hardware security layers over the past 5 years. These new Pixel smartphones take a layered approach to security, with innovations ranging from Google Tensor System-on-Chip (SoC) hardware to new Pixel-first features in the Android operating system, making them the first to have Google security on-chip Pixel phone and opened the way to the data center. Several dedicated security teams are also working to keep the Pixel safe through transparency and external verification.
security to the core
Google puts user data protection and transparency at the forefront of hardware security with Google Tensor. The main processor of Google Tensor is based on Arm and utilizes TrustZone ? technology. But Google says that TrustZone is a key part of our security architecture for general security processing, but the security improvements included in Google Tensor go beyond TrustZone.
Pixel’s safe environment
Google says its Tensor Security Core is a custom-designed security subsystem focused on user privacy protection. It differs from an application processor, not only logically but physically, and consists of a dedicated CPU, ROM, one-time programmable (OTP) memory, cryptographic engine, internal SRAM, and protected DRAM . For the Pixel 6 and 6 Pro, the primary use cases for the Security Core include protecting user data keys at runtime, hardening Secure Boot, and interfacing with the Titan M2 TM.
Google says that your secure hardware is as good as your secure operating system, and we’re using Trusty, our open source trusted execution environment. Trusty OS is the secure operating system used in TrustZone and Google Tensor Security Core.
Google has enhanced the security of the Pixel 6 and Pixel 6 Pro thanks to the new Titan M2 TM. From Google’s introduction, we know that this is an independent security chip designed and developed by Google. In this chip, they switched to an in-house designed RISC-V processor with extra speed and memory, and made it more resistant to advanced attacks. Google says the Titan M2 TM has been tested by an independent, accredited evaluation lab against the most stringent vulnerability assessment standard, AVA_VAN.5. Titan M2™ also supports Android Strongbox to securely generate and store keys used to protect your PIN and password, and works hand in hand with the Google Tensor Security Core to protect user data keys used in the SoC.
The Pixel 6 and Pixel 6 Pro take the system to the next level with Android 12 and a host of Pixel-first and Pixel-exclusive features.
In a blog post, Google emphasized that the company’s goal is to provide users with better ways to control their data and manage their devices with each version of Android. Starting with Android 12 on Pixel, you can manage all your security settings in one place with the new Security Center. It helps protect your phone, apps, Google Account and passwords by giving you a centralized view of your device’s current configuration. Security Center also provides suggestions for improving your security and helps you determine which settings best meet your needs.
To protect privacy, Google is also introducing the Privacy Dashboard, which gives you a straightforward timeline view of the apps that have accessed your location, microphone, and camera in the past 24 hours. If you find that your app is accessing more data than you expected, the dashboard provides a control path to dynamically change these permissions.
To provide extra transparency, new indicators in the Pixel status bar will show you when apps access your camera and microphone. If you want to disable that access, a new privacy toggle lets you turn off camera or microphone access across apps on your phone at any time with a single click.
The Pixel 6 and Pixel 6 Pro also include a switch that lets you disable the device’s ability to connect to less secure 2G networks. While necessary in some cases, accessing a 2G network may open additional attack vectors; this toggle helps users mitigate these risks when a 2G connection is not required.
Google says that by making all of its products secure by default, Google products keep more people safe online than any other device in the world. For the Pixel 6 and Pixel 6 Pro, we’ve also added the default built-in protection.
According to Google, its new optical in-Display fingerprint sensor keeps your biometrics safe and never leaves your device. As part of the company’s ongoing security development lifecycle, Google’s fingerprint unlock for the Pixel 6 and 6 Pro has been externally verified by security experts as a robust and secure biometric unlock mechanism that meets the Android 12 Compatibility Definition Document (CDD) Level 3 strength requirements as defined in .
We know from Google’s presentation that phishing is still a huge attack vector, affecting everyone on different devices.
But the Pixel 6 and Pixel 6 Pro introduce new anti-phishing protections. Built-in protection automatically scans for potential threats from phone calls, text messages, emails, and links sent through the app, and notifies you when there are potential issues.
Google has also enhanced device detection in Google Play Protect to better protect users from bad apps. Since its launch in 2017, Google Play Protect has provided the ability to detect malicious apps even when the device is offline. Pixel 6 and Pixel 6 Pro use new machine learning models that improve malware detection in Google Play Protect. Detection runs on your Pixel and uses a privacy-preserving technique called federated analysis to find frequently running bad apps. This will help further protect over 3 billion users through improvements to Google Play Protect, which already analyzes over 100 billion apps daily to detect threats.
Many of the Pixel’s privacy-preserving features run in the Private Compute Core, an open-source sandbox isolated from the rest of the operating system and applications. Google’s open source Private Computing Service manages network communications for these functions and uses federated learning, federated analysis, and private information retrieval to improve functionality while protecting privacy. Some of the features already running on Private Compute Core include Live Captions, Now Playing, and Smart Reply suggestions.
Google Binary Transparency (GBT) is the latest addition to their open and verifiable security infrastructure. Based on this, a new layer of software integrity is available for your device. Based on the principles pioneered by Certificate Transparency, GBT helps ensure that your Pixel is only running verified operating system software. It works by using an append-only log to store the signed hash of the system image. The logs are public and can be used to verify that what is published is the same as what is on the device – allowing users and researchers for the first time to independently verify the integrity of the operating system.
more than just a phone call
Defense in depth is not just a matter of hardware and software layers. Security is a rigorous process. Pixel 6 and Pixel 6 Pro benefit from in-depth design and architecture reviews, memory-safe rewrites of safety-critical code, static analysis, formal verification of source code, fuzzing and red-teaming of critical components, including external Security Labs collaborates to pen test their devices. Pixel phones are also part of Android’s bug bounty program, a program that spent $1.75 million last year, creating valuable feedback between Google and the security research community. Most importantly, help us keep our users safe.
The Titan Backup Architecture complements this combined hardware and software security system, allowing your Pixel to safely dabble in the cloud. Launched in 2018 and combined with Android’s backup service and Google Cloud’s Titan technology, that means backed-up app data can only be decrypted with a randomly generated key, and anyone except the client, including Google Nobody knows. This end-to-end service is independently audited by a third-party security lab to ensure that no one can access a user’s backup application data without knowing the user’s password.
What’s more, this end-to-end security from hardware, software to the data center provides no less than 5 years of Android security update guarantee on Pixel 6 and Pixel 6 Pro devices, which is Google’s important commitment to the industry, They hope other smartphone makers will expand on this trend.
“Our security chipset, software, and processes work together to make the Pixel 6 and Pixel 6 Pro the most secure Pixel phones to date,” Google emphasized.