The new hardware also verifies the lock screen passcode and limits the number of sign-in attempts to prevent brute force attacks. The independence of the chip and its protected flash memory make it difficult to meddle with the process, Google said. Apps that use Google’s StrongBox KeyStore framework can also generate and store transaction keys in the secure hardware, and protected confirmation ensures that you’re the one who authorized a payment. The Google Pay team is “actively testing” the prospect of using these software kits (and thus Titan M) to secure its own transactions.
It’s not certain just how well the Titan M will safeguard devices in practice, and the boot protections might raise concerns among enthusiasts hoping to install custom ROMs. How difficult will that be? With that said, Google isn’t targeting the hardcore Android fan with this security component. It’s more for workers and anyone else who demands strong security above all else.