Google’s cavalcade of blue-red-yellow-green news continues with a review of how security in Android has improved. First up are verified calls from compatible banks, to counter the risk of spoofing and fraudulent calls.
According to Google, fake bank calls resulted in $950 million in fraud last year globally. For the protection to work, the user needs to have the bank’s app installed and also be logged in. When the user receives a call that appears to be from the bank, the system asks the app: “is this call really from you?”. Without an affirmative answer, the call is terminated.
In Sweden, we are not permanently logged in to banking apps. However, banks can also specify that numbers are incoming only. Calls that appear to come from those numbers are automatically rejected. Only three banks will support the function from the start: Revolut, Itau and Nubank.
We’re moving forward with an improvement to Android’s live threat detection. Android analyzes app behavior in real time and warns if an app is behaving suspiciously. The live detection now includes protection against an app surreptitiously forwarding an SMS to another number, as well as protection against apps tricking the user into doing unintended things through the accessibility permission.
When a device running Android 17 or later is marked as missing in Find Hub required both biometrics and PIN to unlock the device. If the attacker has managed to get hold of your PIN, that is not enough to get into the phone. Biometrics thus become a kind of 2FA. Marking a device as lost also activates other protections, such as hiding the quick settings and preventing connection to new Wi-Fi networks and Bluetooth devices.
We can already give an app or website access to our approximate location, our exact location, as well as just give an app access this particular session. Android 17 introduces a new variant. Users can grant precise access temporarily for a specific task while a specific app is open.
By ensuring data is shared only during active use, this update offers a significant privacy win that eliminates unnecessary tracking while keeping you in total control of your location details
More security improvements in brief
- Dynamic signal monitoring should detect suspicious behavior, such as when an app hides its icon and starts in the background. Requires Android 17.
- Safe Browsing in Chrome checks for malware in downloaded APK files: if malware is detected, the download is prevented.
- Android’s advanced protection supports USB protection and “intrusion logging”, which is a kind of forensic tracking of possible intrusions (Android 16 and later).
- In Android 17, Advanced Protection prevents access to the accessibility service for any app that isn’t specifically an accessibility tool. The permission is often used to offer special features unrelated to accessibility (accessibility)
- Android 17 severely limits the number of times an attacker can guess a PIN or password. The waiting time between failed attempts has also been increased.
- The status bar shows when an app is using location services, just like when an app is using the camera or microphone.
- Apps can request access to a specific contact, instead of the entire contact list.