When Google launched its flagship Pixel 6 and 6 Pro smartphones last year, the company touted its Tensor “system on a chip” and dedicated Titan M2 security chip as being designed to underpin a new generation of security and privacy features. Now, as it releases Pixel 7 and 7 Pro, the company said today that it is building on that foundation with the new Tensor G2 processor, expanded independent security certifications for Titan M2, and software features like an upcoming built-in Android VPN to protect user privacy while maintaining performance.
Google spent three years subjecting Titan M2 to testing by the third-party lab SGS Brightsight. The chip now has an array of “Common Criteria” hardware security certifications, the same process smart cards, SIM cards, and bank card chips go through. And Titan M2 passed the highest hardware vulnerability assessment, meaning that it is highly resistant to physical attacks, an area that has been increasingly important to chip makers in recent years.
“This testing emulates the sophistication of state-sponsored attacks, someone who’s got almost unlimited resources and determination,” says Dave Kleidermacher, vice president of engineering for Android security and privacy. “At Google and for Pixel, we talk a lot about the exploit cost. Nothing is ever perfect, there are going to be vulnerabilities and exploits, but we want to always continually raise the cost to the attacker.”
With Pixel 7 and 7 Pro, Google is continuing to expand its efforts on what the company calls “Protected Computing.” The goal is to restrict how and when user data can be accessed, de-identify and anonymize data when it must be used, minimize the amount of identifying data that is generally produced about a user, and keep as much processing out of the cloud and on users’ devices as possible. On Pixel devices, Google has control of both hardware and software, which the company says allows it to plan strategically and maximize security and performance, rather than having to make tradeoffs.
Though the privacy and security benefits of VPNs are somewhat debated for the average user, VPN by Google One will be released as a built-in service for Pixel 7 and 7 Pro by the end of this year for users who want to encrypt their network traffic and shield their IP address from mobile networks and internet providers. Google points out that, historically, users who wanted to add a VPN on mobile needed to download a third-party option rather than having an optimized and integrated service.
VPN by Google One is open source and aims to address some classic concerns about VPNs by separating authentication and key management for encryption onto distinct servers that can’t access each other. In essence, the service is set up to blind itself such that even a rogue insider would not be able to determine who you are and what your browsing history is by compromising the service. Google also says that it does not log user browsing data, though the company says it does record some anonymized, aggregate metrics. In addition to publishing a breakdown of how the service works, Google also commissioned and published an independent audit from NCC Group on VPN by Google One’s security.
“We’re investing quite a lot in making sure we have extensive first-party and third-party audits, reviews, certification, and analysis to see that we really are providing verifiable security and privacy guarantees,” says Jesse Seed, Google’s product manager lead for silicon security.
Just as Pixel 7 and 7 Pro have logged mostly incremental improvements in their feature sets, the security and privacy changes aren’t revolutionary. But Kleidermacher and Seed emphasize that the changes this year are hard-won—and with so many digital threats to contend with, both for high-risk targets and regular users, every little bit counts.