Android Goes Big on Security at Google IO: New Measures to Combat Fraud and Enhance User Safety
User safety remains paramount for Android. The platform is committed to staying ahead of scammers, fraudsters, and bad actors by continuously evolving its security features and AI-powered protections. Today, several new fraud and scam protection features are being announced for Android 15 and Google Play services updates, aimed at safeguarding users globally and supporting developers in building safer apps.
Google Play Protect Live Threat Detection
Google Play Protect currently scans 200 billion Android apps daily, protecting over 3 billion users from malware. With the upcoming live threat detection, Play Protect’s on-device AI will analyze additional behavioral signals, focusing on sensitive permissions and app interactions.
If suspicious behavior is detected, the app is sent to Google for review, and users are warned or the app is disabled if malicious activity is confirmed. This process, powered by Private Compute Core, preserves user privacy without collecting personal data. This feature is expected to roll out on devices from Google Pixel, Oppo, Honor, Lenovo, OnePlus, Nothing, Transsion, Sharp, and others later this year.
Stronger Protections Against Fraud and Scams
Android 15 introduces key enhancements to combat fraud and scams:
Protecting One-time Passwords (OTPs): Except for specific apps like wearable companion apps, OTPs will now be hidden from notifications, closing a common attack vector for fraud and spyware.
Expanded Restricted Settings: Building on Android 13’s restricted settings, additional sensitive permissions will now require user approval when installing apps from sideloading sources like web browsers and file managers.
Additionally, a scam alert feature using Gemini-Nano AI is being tested to detect conversation patterns associated with fraud, providing real-time warnings to users.
Protecting Against Screen-Sharing Social Engineering Attacks
Android 15 will enhance controls for screen sharing to prevent social engineering attacks:
Automatically Hidden Notifications and OTPs: During screen sharing, private notification content will be hidden, protecting sensitive data from remote viewers.
Safer Logins: Credentials like usernames, passwords, and credit card numbers will be hidden during screen-share sessions.
Choose What You Share: Users can share content from a single app rather than the entire screen, preserving privacy.
A new, prominent screen indicator will always notify users when screen sharing is active, allowing them to stop sharing with a simple tap.
Advanced Cellular Security to Fight Fraud and Surveillance
New cellular protections in Android 15 include:
Cellular Cipher Transparency: Users will be notified if their cellular network connection is unencrypted, warning them of potential voice and SMS traffic interception.
Identifier Disclosure Transparency: High-risk users like journalists will be alerted if a false cellular base station or surveillance tool is recording their location using a device identifier.
These features require integration with device OEMs and compatible hardware, with OEM adoption expected to progress over the next few years.
More Security Tools for Developers to Fight Fraud and Scams
The Play Integrity API helps developers ensure their apps are unmodified and running on genuine Android devices. Recent updates include:
Risk from Screen Capturing or Remote Access: Developers can detect apps capturing the screen or controlling the device, protecting sensitive information.
Risk from Known Malware: Developers can check if Google Play Protect is active and the device is free of known malware, enhancing security for financial and banking apps.
Risk from Anomalous Devices: Developers can receive recent device activity to identify potential attacks.
Upgraded Policies and Tools for Developers to Enhance User Privacy
To make photo permissions more private, apps on Play must now justify the need for broad access to photos or videos. Starting this year, Play will enforce this policy, and the updated photo picker will support cloud storage services and enhanced search functionality.
Always Evolving Multi-Layered Protections
Android’s commitment to user safety is unwavering. The platform’s multi-layered user protections combine advanced AI with close partnerships across OEMs, the Android ecosystem, and the security research community. Building a secure Android experience is a collaborative effort, and the platform will continue working tirelessly to safeguard devices and data.
Related
