Security is often top of mind for enterprise customers when it comes to choosing a device for work. Company data should be protected against all manner of threats to avoid a costly and distressing security breach.

The new Google Pixel 2 was built with a tamper-resistant hardware security module that reinforces the lock screen against malware and hardware attacks to better safeguard the data stored on your device, like emails, contacts and photos. This is the first of what we hope are many Android devices that feature dedicated security modules.

Benefits of tamper-resistant hardware

The lock screen is the first line of defense in protecting your data from attacks. Devices that ship with Android 7.0 and above verify your lock screen passcode in a secure environment, such as the Trusted Execution Environment or TEE, that limits how often someone can repeatedly brute-force guess it. When the secure environment has successfully verified your passcode does it reveal a device and user-specific secret used to derive the disk encryption key. Without that key, your data can’t be decrypted.

The goal of these protections is to prevent attackers from decrypting your data without knowing your passcode. However, the protections are only as strong as the secure environment that verifies the passcode. Performing these types of security-critical operations in tamper-resistant hardware significantly increases the difficulty of attacking it.