Google's new Android security features auto-block banking scams and protect user privacy

Android will hang up on banking scammers for you - how its new anti-spoofing feature works

This Android feature aims to protect you from banking scams.It will detect and hang up calls from spoofed numbers.The feature will expand to more banks later this year. Scammers love to impersonate businesses you trust in hopes of convincing you to fall for their cons. One tactic they use is to call you pretending to be from your bank or financial institution. The goal is to trick you into sending them money or revealing your account details. Now, Google is rolling out a new security tool that aims to combat these types of spoofed calls. Designed to protect you from financial theft or account compromise, the feature aims to detect spoofed calls. Here's how it works. First, you need to install your bank's app on your Android device. When you receive a call that seems to be from your bank, Android queries the app for confirmation to determine if the call is legit. If the app finds that no one from the bank is actually calling you, the call is disconnected. Also: The patching treadmill: Why traditional application security is no longer enough In some cases, a bank could also assign certain phone numbers to be inbound-only, meaning they're never used to call customers. Any call spoofing from one of these numbers will also automatically be ended. Spoofing a number from a trusted business like your bank isn't that difficult. Scammers use internet-based calling systems to spoof their caller ID so it appears they're calling from a different number. This type of caller ID spoofing can easily turn you into a victim of financial fraud. These scams have led to annual losses of more than 850 million euros (around $997 million), according to a paper released by Europol last October. To kick off this new feature, Google said that it's working with select banks and financial institutions to implement these verified forms of financial calls. Rolling out to devices with Android version 11 or higher in the coming weeks, the verification will start slowly. Initially, only Brazil-based banks Revolut, Itaú, and Nubank will be on board. But Google promises that more banks will be supported later in the year. Beyond the spoofed call protection, Google has a few other tricks up its sleeve to defend the privacy and security of Android users. Scammers will try to intercept the one-time passwords (OTPs) from your text messages to snoop on your personal accounts. To thwart this, Android will now automatically hide these security codes for three hours from most apps, making sure that the OTPs are safe from unauthorized access. Launched in 2024, Live Threat Detection analyzes the behavior of apps via on-device AI and then alerts you if an app seems suspicious. With the latest enhancements, this feature will warn you about any suspicious behavior that could also be dangerous or harmful. The protection will also extend to such activities as SMS forwarding in which an app forwards a message to another phone number. Another existing security feature, Advanced Protection warns you about apps that try to change or hide their icons, a potential sign that they could be malicious. With Android 17, Advanced Protection will also remove access to the accessibility service for all apps not labeled as accessibility tools. Google's Find Hub already helps you track down a lost or stolen phone, allowing you to lock it remotely. Currently, your device can be unlocked by anyone who knows its passcode or PIN. With Android 17, you'll be able to require that the phone be unlocked only through biometric authentication, such as your facial or fingerprint scan. The goal is to prevent thieves who discover your passcode from unlocking your phone. Many apps ask for your location so they're able to work effectively. These include navigation apps that need to know your exact whereabouts. Coming in Android 17 is a new location button that lets you share your precise location but only for specific tasks while an app is open. As an example, you could use this to track down a nearby restaurant without granting permanent access to your location each time you open the app. "The updates we've shared today represent a significant leap forward in our journey toward a world of verifiable, transparent trust," Google said in a new blog post. "By improving protections against banking scams and extending powerful protections like Live Threat Detection and Android Advanced Protection, we are ensuring that Android remains the most secure platform."

Your Android phone is about to get much better at blocking scams

Google announces verified financial calls, smarter threat detection, and expanded scam protection for Android. Google has announced a broad set of security upgrades for Android at the Android Show I/O Edition today, and the most impactful ones target the scams that cost users real money. From automatically hanging up on fake bank calls to hiding your one-time passwords (OTPs) from malicious apps, the updates add up to Google's most significant push yet to protect Android users from fraudsters and rogue software. Your bank will verify its own calls The headliner of today's announcement is verified financial calls, a new feature that automatically ends phone calls from numbers spoofing your bank or financial institution. Phone spoofing, where scammers use internet-based calling systems to fake a trusted caller ID, costs users an estimated $950 million annually worldwide. With the new feature, if you have a participating bank's app installed and are signed in, Android will automatically check with the app in real time to confirm whether it's actually calling you. Recommended Videos If the app says it isn't, your phone will automatically hang up. The feature will roll out in the coming weeks to devices running Android 11 and later. At launch, it'll support Revolut, Itaú, and Nubank, with more banks to follow later this year. Android's Live Threat Detection is also getting broader coverage. The on-device AI tool will flag apps that silently forward your SMS messages or use accessibility permissions to display hidden content on your screen. A new dynamic signal monitoring capability will go even further, watching in real time for apps that change or hide their icons before launching in the background, which is a common malware tactic. It will also allow Google to push updated threat rules to devices as new attack patterns emerge. Dynamic signal monitoring will arrive with Android 17 on select devices in the second half of the year. Android will also automatically hide OTPs from most apps for three hours, so malicious apps with SMS access won't be able to intercept them while they're active. Chrome on Android will gain the ability to scan APK files for known malware before a download completes. This feature will be available to users who have Safe Browsing turned on. Stronger protections for high-risk users For users who need the strongest protections available, Android's Advanced Protection mode will get a significant upgrade with Android 17. It will restrict accessibility service access to apps explicitly labeled as accessibility tools, disable device-to-device unlocking and Chrome WebGPU support, and add scam detection for chat notifications. Android Enterprise support for Advanced Protection will arrive later in the year. Two new security features are already in the process of rolling out ahead of Android 17: USB protection is coming to all devices running Android 16 and later, and Intrusion Logging, developed in partnership with Amnesty International and Reporters Without Borders, is rolling out to devices running the Android 16 December update and newer. On the OS integrity front, Android 17 will introduce Android OS verification, which will let you confirm your device is running an official build of Android. The feature will first arrive on Pixel devices. Google will also launch a public, append-only ledger that provides cryptographic proof that production Google apps on Android are authentic. Android 17 will also introduce Post-Quantum Cryptography to protect data against future threats, and carriers will gain the ability to configure the disable 2G toggle to default to off, cutting off a common vector for network-based attacks. Most of these protections will work automatically in the background, meaning Android users will be safeguarded against a wide range of attacks without having to change a single setting.