Google Enhances Android Security with AI-Powered Scam Detection and Anti-Theft Features

Google announces new security features for Android for protection against scam and theft | TechCrunch

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a device is stolen or taken over by an attacker, and enhance device-level security for various attacks. Phone scammers often ask users to take actions like tapping on unsafe links or downloading unknown apps. In order to protect users, Google is blocking some actions and warning users of a potential scam while they are on a call with someone not in their contact list. For Android 16, these actions include side-loading an app for the first time from a web browser, messaging app, or other sources that have not been verified by Google, and granting accessibility permission to an app so that a scammer can take control of the device. The company is also preventing users running Android 6 or later from disabling Google Play Protect, which scans the device for harmful apps while they are on a call. Google is adding screen-sharing protection as well by reminding users to stop sharing the screen after a call ends. The company is also testing a new warning screen with select banks in the U.K. to prevent fraud through screen-sharing. When users on devices running Android 11 or later open a partner bank's app while sharing the screen while on a call with an unknown number, the device will show them a new warning screen about a possible scam with a button to quickly end the screen sharing. Google is enhancing protection against scams in Google Messages after launching the feature in March. The feature uses on-device AI to alert users of a potential scam based on the conversation. The company is now bolstering user security by having the tool to detect more types of fraud, including crypto, gift card, toll road, and other billing fees, financial impersonation, and technical support. What's more, the company is adding verification keys to the Google Contacts app, which will help users authenticate that the person on the other end is the intended receiver. Users can verify their contacts by having them scan a QR code or match numbers displayed on the screen. Verified keys mean that your conversation with your contact on Google Messages is end-to-end encrypted and secured. Google said that if an attacker starts controlling a phone number through a SIM swap attack and messages you through a new device, the Google Contacts app will show the verification status as unverified. This feature will be available for Google Messages later this summer for users running Android 10 or later versions. Earlier this year, Google rolled out Identity Check protection to Pixel and Samsung devices with OneUI 7. The feature requires users to use biometric authentication to change critical settings like changing your device PIN or biometrics, disabling theft protection, or accessing Passkeys when the user is not at one of the trusted locations they have added. The company is now making this feature available to other device makers with Android 16. Later this year, Google will add better protection for Factory Reset, restricting all kinds of functions on the device that are reset without authorization of the previous lock pattern/PIN or Google account credentials. This essentially makes a stolen device hard to use. To prevent someone from locking your device remotely, the company is adding a security challenge question to prevent unauthorized access. With Android 16, the company will also hide one-time passwords if the device is not connected to Wi-Fi and hasn't been unlocked recently. The company is adding new features to its Google Play Protect live detection program as well, by detecting unsafe apps that have hidden or changed icons. This feature will be available in the coming months for users running Android 6 and later versions. The company said it is now applying a new set of on-device rules to catch more categories of malicious apps. Google is adding new measures to bolster its Advanced Protection Mode, to protect public figures with new on-device features. The company is also debuting a new Find My Hub to keep track of items, friends, and family.

Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud

Android's "Scam Detection" protection in Google Messages will now be able to flag even more types of digital fraud. Digital scammers have never been so successful. Last year Americans lost $16.6 billion to online crimes, with almost 200,000 people reporting scams like phishing and spoofing to the FBI. More than $470 million was stolen in scams that started with a text message last year, according to the Federal Trade Commission. And as the biggest mobile operating system maker in the world, Google has been scrambling to do something, building out tools to warn consumers about potential scams. Ahead of Google's Android 16 launch next week, the company said on Tuesday that it is expanding its recently launched AI flagging feature for the Google Messages app, known as Scam Detection, to provide alerts on potentially nefarious messages like possible crypto scams, financial impersonation, gift card and prize scams, technical support scams, and more. Combined with other AI security features for Google Messages -- all of which run locally on users' devices and do not share data or message content with the company -- Android is now detecting roughly 2 billion suspicious messages a month. "The fraud is truly heartbreaking," says Dave Kleidermacher, vice president of engineering at Android's security and privacy division. "There's really a very huge amount -- almost epidemic and a scourge to humanity -- of financial scams that are all across the world." Scammers operate all over the world, but Chinese scam groups particularly are behind millions of fraudulent messages, demanding things like "toll" payments or information for alleged postal service deliveries. When people click the links and enter their details, including payment information, scammers steal their data. In some cases, the scams are designed as a sort of smash-and-grab, where attackers quickly trick users into giving up some crumbs of information, like a pair of login credentials or a credit card number. These scams tend to be more formulaic and are potentially easier to detect. The more complex challenge is in detecting highly involved investment or romance scams -- often called pig butchering scams -- that build and evolve over months of messaging while scammers build a rapport with their targets before tricking them into handing over their life savings or even going into debt to send more money. "It takes time for them to get to the scam -- it's not just click on the link," Kleidermacher says. "By having the AI on-device, you can actually watch and observe these more sophisticated conversations and then detect their scams." In a screenshot of the Scam Detection feature provided by Google, an encrypted RSC chat shows a typical scam message saying an EZ Pass toll payment is outstanding. The message adds that the "legal ability" to drive may be revoked if the payment is not made. The message includes a link that directs someone toward a malicious payment website. The Scam Detection overlay at the bottom of the screen says that "suspicious activity" has been detected in the message and offers a way to report and block the sender, alongside an option that allows people to flag that it is not a scam. Google is far from the only company using AI to try to combat scammers and stop them from reaching people's inboxes. Some have turned to using AI to directly fight back against scammers. The British telecom company O2, for example, created an "AI Granny" that is set up to keep scammers on the phone and waste their time. And the online scam baiter Kitboga has created a series of bots to make simultaneous calls to call centers that run scams. Meanwhile, in recent months, Meta, which owns WhatsApp, Messenger, and Instagram, has started to introduce pop-up warnings when people are asked to make payments in chat messages. Elsewhere, cybersecurity company F-Secure has created a beta tool to help people identify if a message and sender are likely scammers and block messages. Putting a layer of friction in place that nudges people away from messaging accounts they don't know or replying to messages asking for details can reduce the chances that scammers are successful. Google's Kleidermacher says that the company is seeing "really positive impact" from using its machine learning systems to detect potential scam messages in real time. As the protections continue to mature, he notes that the underlying system could eventually proliferate beyond just the Google Messages app into third-party communication platforms. For now, some of that expansion is starting within Google's own products. The company also said on Tuesday that it is in the early phases of testing ways to incorporate scam detection for phone calls, but the capability has not been widely deployed.

Google is improving scam detection and its Find feature on Android

Additional security improvements are arriving alongside Android 16. Google is introducing and expanding several new security measures that should make it more difficult for criminals to scam Android users or take advantage of stolen Android phones. After introducing AI features in March that detect fraudulent messages based on common language patterns, Google is working on teaching its models to recognize a wider range of text scams, such as those unpaid road toll scams you've probably seen this year. It's also adding faster pattern analysis to Google Play Protect so it can unmask malicious apps more quickly. In addition, Google is in the process of making it impossible to grant certain accessibility privileges while on a call with an unknown contact. Meanwhile, the new Key Verifier feature prevents scammers from co-opting your known contacts, letting you and a trusted contact swap public encryption keys to confirm each other's identities. With the upcoming release of the Android 16 operating system update, Google will also be adding new ways to protect your phone against thieves. The Identity Check feature requires extra biometric verification to change sensitive settings outside user-designated safe locations. It launched on some Pixel and Galaxy devices in January, but Android 16 will widen the rollout. These upgrades should help protect against "shoulder surfing" device thefts and bank account breaches, in which thieves learn passcodes by watching targets unlock their phones, then steal and unlock the devices themselves. Such attacks have been vexing smartphone owners in bars and other crowded venues for years. New anti-theft features include a security question for deactivating remote locks and more restrictions on what can be done to a device after a factory reset. If a phone running Android 16 is not unlocked or connected to Wi-Fi for a while, the lock screen will hide two-factor authentication codes received through texts. Along with the new security features, Android 16 will centralize security under a single device-level feature called Advanced Protection. While the Advanced Protection switch is active, no feature under its umbrella can be turned off. As a final complement to the Android 16 security updates, Google is expanding its Find My Device feature into Find Hub, a dashboard that can locate basically any object with smart capabilities or a bluetooth tag. Find Hub can use ultra-wide band (UWB) on compatible devices to narrow down more precise locations, and can also communicate via satellite so its features work outside cell range. Update, May 14, 2025, 6:28PM ET: This story has been updated and retitled to reflect that the scam detection and key verifier improvements Google announced during the Android Show presentation are not dependent on upgrading to Android 16.

These new Android tools could stop scammers from robbing your loved ones blind

Messages gets broader on-device scam detection, while Key Verifier in Contacts will help confirm contact identities to prevent impersonation. Text and phone call scams have been a problem for years, but recent advancements in AI have made them increasingly sophisticated and harder to detect. While awareness and vigilance are crucial for identifying these scams before they succeed, Google is stepping in to help protect users. The company is introducing new security features across Android, Messages, and Contacts specifically aimed at exposing scammers and preventing people from falling victim.

Google Messages Now Has Better Scam Text Detection

Google has improved its ability to detect scam messages in Google Messages, the default texting app on most Android phones. It now stops billions of suspicious messages every month, and uses on-device processing to protect user privacy. This upgrade is a big step forward for Android security, as it tackles the increase in scams that start out seeming harmless but end up causing financial loss or stolen data. Before, Google Messages' Scam Detection mainly focused on package delivery and job-seeking scams. Now, it covers a much larger range of fraudulent activities. The system uses AI to actively find and warn users about cryptocurrency scams, fake financial messages, toll road and billing fee scams, gift card and prize scams, and tech support scams. This is a lot like how Google uses Gemini Nano to detect scams. Apparently, Google is adapting its understanding based on partnerships with financial institutions around the world. Google claims these partnerships gave the company important insights into the latest scam methods, helping it improve its AI models for better detection. The key to Google Messages' improved scam detection is its on-device AI. This is important for privacy because all messages are checked locally, without sending sensitive data to Google's servers. The AI looks at conversation patterns in real time, spotting suspicious language, links, and requests that could signal a scam. Users get an immediate warning when something suspicious is found, helping them avoid becoming victims. This real-time alert system is a major upgrade over traditional spam filters, which mostly block messages before a conversation starts. Many scams work by building trust over time, and Google's new approach directly fights this tactic. Related Scammers Are Using AI to Pretend to Be Google Be very careful who you give your information to. Posts Besides warnings, people can also report and block suspicious senders. Obviously, reporting helps Google improve its AI even more, letting the system learn and adapt to new scams as they appear, instead of relying on it to catch the messages. This will help more than just yourself because some scammers can get lazy and reuse the same number or method for multiple users. Users also have full control over the system, so you aren't forced to use it. You can turn off Spam Protection, which includes Scam Detection, anytime in Google Messages settings. However, since the data isn't sent to Google and is worked with locally, even in reports, it may be in your best interest to keep it on. Google is already pretty safe. Its Fighting Scams in Search report showed that the company has protected its users from hundreds of millions of scam attempts. However, scammers keep adapting, which is an ongoing battle for both sides. We've already seen improvements in March, so it seems like this is a high priority for Google. Better scam detection works across many Android versions and should reach as many users as possible. While some features might vary slightly depending on the Android version, the main goal is to protect everyone using an Android. Source: Google

Google Messages celebrates 1 billion daily RCS chats with new security features

Google Messages will take a page from WhatsApp for this new feature Summary Google Messages now detects more scam types like crypto, billing, and tech support frauds. A new Key Verifier feature helps confirm a contact's identity using encryption and QR codes. Key Verifier rolls out this summer and will work on all Android 10+ devices in the US. Google has been steadily making Google Messages more feature-rich in recent months, adding essential upgrades like the ability to unsend messages and useful UI tweaks. But one of the most impactful features added recently is real-time scam detection. Although this feature initially launched with the Android 15 December 2024 Feature Drop, it was exclusive to the Pixel 9. Since then, Google has expanded it to more English-speaking regions and additional devices. Now, alongside the rollout of stable Android 16, Google is adding even more security features to Google Messages. Related Why I wouldn't switch to Google Messages just yet Google Messages misses the mark big time Posts 4 First, Scam Detection is getting a major upgrade. While it already uses on-device AI to detect conversational, package delivery, and job-related scams, the system is being improved to catch even more types of sophisticated fraud. New scam types that Google Messages will now detect in real time include: Toll road and billing fee scams Cryptocurrency scams Financial impersonation scams Gift card and prize scams Technical support scams Google Messages is now smarter at spotting shady messages Close In addition to broader scam detection, Google Messages is also introducing a new layer of protection against identity impersonation. A new feature called Key Verifier uses public encryption keys to verify that the person you're messaging is truly who they claim to be. The feature integrates with the Google Contacts app and allows you to scan a QR code to confirm the identity of the person on the other end. Google gives a helpful example of how this could work. If an attacker gains access to your friend's phone number -- say, through a SIM swap attack -- and starts messaging you from a different device, their verification status will be flagged as no longer verified in the Google Contacts app. Verified contacts will show a green lock icon in their contact info, signaling that they are trusted. Key Verifier will roll out in Google Messages later this summer and will support all Android devices running Android 10 or higher, covering over 90% of Android devices in the US. Google also took a moment to highlight how far Messages and RCS have come. The company notes that over a billion RCS messages are now sent daily in the US alone. With this growing user base, it's good to see Google continuing to strengthen security at the same pace.

Google's latest Android tools will protect you from a wider range of scams

Table of Contents Table of Contents Screen sharing alerts for banking scams Contact verification to stop identity fraud Over the past few years, Google has released a host of safeguards for calls, messages, and web browsing that increasingly use AI to protect smartphone users from scams. Ahead of the I/O 2025 developers conference, Google has now detailed the next wave of safety features coming to Android devices this year. Bad actors often trick users into disabling the built-in safeguards, such as Google Play Protect, sideloading malware apps, and enabling permissions that allow data theft. Google says the next-gen safety features in Android will aim to negate these attacks. Recommended Videos Screen sharing alerts for banking scams The first in line is screen-sharing warnings. Online frauds are known to impersonate bank or government officials. I have had a few close calls myself in the past couple of years. As part of their scheme, they ask users to share their screen so that they can commit scams, such as money transfer or installing dangerous packages on their phone. To prevent such scenarios, Google is testing a new in-call protection feature in partnership with banking institutions. When using a banking app while on a call with an unknown contact, your phone will warn you about the risk and give you an option to cut the call and disable screen sharing in one go. This feature will work on devices running Android 11 or a later version, starting with the UK. Google is also expanding the scope of scam detection in the Messages app. So far, it has focused on job and package delivery scams, but Google is now going to sniff out a wider variety of scams in real time. Going ahead, the AI-powered system will also look for fake road toll messages, crypto-related texts, financial impersonation attacks, gift card and free prize alerts, and tech support scams, too. Google is also expanding protection against tech support fraud to the Chrome browser. Contact verification to stop identity fraud Identity and impersonation frauds are rampant these days. I often come across reports in which someone lost a sizeable chunk of their savings to a bad actor pretending to be a friend or family member. To combat impersonation, Google is launching a system called Key Verifier. In the Google Contacts app, you can now ask your friends and family members to verify their contact information using a QR code scan, protected by a layer of encryption. Once the scan is done on the other end, the contact is listed as verified with a green lock icon. How does this help? Well, let's say your friend's phone falls into the wrong hands and a scammer tries to message you by popping the SIM in another phone. When they do so, the sender will appear as unverified, indicating that something is fishy. Key Verifier will be available on all phones running Android 10 or a later version in the coming weeks.

Google Unveils New In-Call Features To Tackle Phone Scams

Google has announced new in-call scam protection features for Android devices, according to a blog post. The new protections will disable certain features and display alerts when a user is on a call with an unknown contact. On top of this, the US-based company will also roll out protections for banking apps and expand real-time scam detection for text messages. This comes months after the company started rolling out an artificial intelligence (AI)-based feature for Google Messages to protect Android users from text message scams. The US-based tech giant unveiled the security features during its event titled - The Android Show: I/O Edition. As per Google's own admission, a billion rich communication services (RCS) messages are sent per day in the US alone. Hence, the scale at which malicious actors are misusing messaging services for scamming people globally could be enormous. For context, RCS is a "modern industry standard" for sending messages that serves as an alternative to the Short Messaging Service (SMS) and Multimedia Messaging Service (MMS). It enables users to send texts, photos and videos over the internet or mobile data more securely than its predecessors. "Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing default device security settings or granting elevated permissions to an app," Google said in its blog post. Hence, the tech giant has introduced multiple new in-call safety features for Android users. Android users will not be able to disable the Google Play Protect service while they are on a call with a caller whose number has not been saved on the phone. Google Play Protect is an in-built security feature that scans for "malicious app behaviour" regardless of the source. It is activated on the device by default, but can be disabled if a user wishes to. The company said that the feature will be available on devices running Android 6 or later versions. Google will not allow Android users, with its latest update, to sideload apps on their devices while on a call. Sideloading is when users download an app from a browser, a messaging app, or any other source that Google has not verified. This security measure will come with the Android 16 update. Now, Android users, or any bad actors remotely accessing the device, will not be able to grant accessibility permissions to malicious apps during a phone call. This can potentially prevent hackers from stealing sensitive information from a user's device. Google will roll out the feature on devices running Android 16. Google stated that Android devices will display an alert in case a user decides to share their screen during a call. Specifically, the prompt will ask users to stop screen-sharing at the end of a call. The company claims that these features will help protect users from scammers who attempt to gain access to smartphones to dupe them. Android devices will display a warning when a user shares their screen with an unknown contact while using a banking app. The device will alert people about potential dangers and will also display a single-click option to end the call and stop screen sharing. The safety feature will be automatically enabled for "participating banking apps" on devices running Android 11 or later versions. The company has currently rolled out the feature as a pilot in the UK. Even the tech giant hinted at the rise of screen-sharing scams where fraudsters often impersonate banks and government agencies. In November 2024, the Government of India blocked about 600,000 mobile numbers that were related to the 'digital arrest' scams, as per a report. This reflects a rising trend in fraud and scams that bad actors commit with the help of mobile phones and messages. In April 2025, the US Federal Trade Commission (FTC) published a report highlighting the instances of text-based scams in the US alone. As per the report, FTC's Consumer Sentinel Network received 247,000 lakh reports of scams on messages. "Reported losses to text scams have skyrocketed even as the number of reports declined. In 2024, people reported $470 million in losses to these scams, more than five times the 2020 number. And since the vast majority of frauds are never reported, this number likely reflects only a fraction of the actual harm," the report mentioned. Hence, it is evident that the menace of scams and frauds carried out through smartphones is a worldwide phenomenon. In this light, Google's step to introduce multiple security measures might help in bringing down such instances and also protect vulnerable users. Google has announced the expansion of its AI-based scam detection feature for Google Messages, keeping in view the dynamic nature of new AI-enabled scams and fraud. Android devices will now be able to detect toll road and other billing fee scams, in addition to fraudulent activities related to crypto, financial impersonation, gift cards and prizes, and technical support. The tech giant has also unveiled Key Verifier, a tool that will help in identifying scammers who are impersonating someone the user knows. It uses public encryption keys and fortifies end-to-end encrypted Google Messages. For example, according to Google, if a bad actor gains access to Person A's phone number and uses it on another device to send Person B a message, then it will display A's verification status as not verified in the Google Contacts app. The company will launch the tool "later this summer" for devices running Android 10 or later versions.