Google has just unveiled the new features of Android 16. The new version of the operating system includes a series of "intelligent protections" designed to protect users against "everyday dangers", explains Dave Kleidermacher, Google's vice president of engineering for security and privacy.
Android 16 and phone scams
The Mountain View giant explains that it has first tackled phone scams. Very often, cybercriminals contact the user by phone and try to push them to "change the phone's security settings or grant special permissions to an application". In these scams, the hacker pretends to be a trusted contact, such as a customer service representative or a bank advisor. By forcing the target to disable security mechanisms or grant a host of permissions, the criminal can steal data, conduct an espionage operation, or steal money.
To combat phone scams, Google has developed protections that apply "during conversations with people who are not in your contacts". During calls, you won't be able to disable Google Play Protect, install an app through your web browser, or grant accessibility permissions to a new app. These measures should prevent a user who has fallen prey to a hacker from installing a malicious app on their phone.
Improvements to Play Protect
Google is making a series of improvements to Play Protect. Play Protect will now be able to detect certain behaviors adopted by malicious Android apps, such as icon modification. Some apps change their icon to avoid being detected. This is one of the most common tactics used by spy apps or apps designed to display unwanted ads.
Google Play Protect's "live threat detection will be able to spot these deceptive behaviors and alert you", Google says. Play Protect is also intended to be faster. In concrete terms, Google will identify malicious apps faster than ever.
Screen sharing under high surveillance
Moreover, Android will automatically offer to turn off screen sharing once a call ends. Scammers often push the target to share the contents of their screen, which allows them to view a wealth of sensitive information. Fraudsters "often impersonate banks, government agencies, or other trusted institutions" and ask users to make a transfer or log in to their banking app, Google explains.
To block these attacks, Android 16 will also display a warning if you open your bank's app while sharing your screen. The warning will offer "to end the call and stop screen sharing with a single tap". The alert should make the user understand that they are in danger. Several British banks will test the feature in the coming weeks. Google has not specified when the option will be available to all users.
Google Messages improves its security
Some scams also start via SMS. Over the past year, Proofpoint researchers have recorded a 312% increase in SMS scams worldwide. In Android 16, Google has therefore included new protections for Google Messages. As the company announced last March, the messaging service now has an AI that is capable of identifying behaviors frequently associated with scams in received SMS messages.
This feature is evolving and will now be able to detect "a wider range of scams", including fake invoices, cryptocurrency scams, fake gifts or gift cards, and even fake technical support.
Google Messages will also be equipped with a new tool, called Key Verifier. This feature allows you and your contact to verify each other's identity using public encryption keys. All users will be prompted to share an encryption key with their contacts before they begin their conversation. Key sharing involves exchanging simple QR codes. If the key exchanged with your contact is valid, they are indeed your contact. If a hacker steals a friend's phone number, the key will be displayed as invalid. You could therefore determine that your contact is not who they claim to be. The entire key system will be integrated into the Google Contacts app by the summer. The option is primarily intended to combat SIM swap attacks and phone number theft. The feature leverages the Android Key Verifier system service, a security component used to verify the authenticity of encryption keys generated or stored on the device.
Android 16 against smartphone theft
Android 16 will also feature improved protections in case of phone theft. The operating system will "block all use of the phone if a reset is performed without the owner's permission." This is an improvement over Factory Reset Protection (FRP), which was introduced years earlier. The user will have to go through additional authentication via the Google account to unlock a device that has just been reset.
Still with the aim of combating smartphone theft, Google will hide login codes received by SMS "on the locked screen" in certain cases. If "the phone is not connected to Wi-Fi and has not been unlocked recently", the login code will be hidden to prevent a malicious third party from viewing the information.
We've covered the main security features in Android 16. As a reminder, other features may still be released in the coming months, until the update is deployed to all compatible smartphones.




