May 13, 2026 14:40:00

Google strengthens Android anti-theft measures, adding new features to combat phone spoofing and assist in spyware investigations.

On May 12, 2026, Google announced new security and privacy features for Android. The announcement focused on countermeasures against phishing calls impersonating banks, protection for stolen devices, 'intrusion logs' to assist in spyware investigations, and enhanced control over access to location information and contacts. Google explained that it will combine AI-powered detection with OS-level protection to strengthen its defenses against fraud, theft, and targeted attacks.

Android Show: New Android Security and Privacy Features in 2026

https://blog.google/security/whats-new-in-android-security-privacy-2026/

Google launches new Android security feature to help uncover spyware attacks | TechCrunch
https://techcrunch.com/2026/05/12/google-launches-new-android-security-feature-to-help-uncover-spyware-attacks/

Android Intrusion Logging as a new source of data for consensual forensic analysis - Amnesty International Security Lab
https://securitylab.amnesty.org/latest/2026/05/android-intrusion-logging-as-a-new-source-of-data-for-consensual-forensic-analysis/

'Verified Financial Institution Calls' are being introduced as a countermeasure against fraudulent phone calls impersonating banks. Fraudulent groups sometimes falsify their caller ID and pretend to be calling from banks or credit card companies to trick victims into making transfers or obtaining account information.

Simply displaying the caller ID doesn't tell you whether the person on the other end of the line is actually a bank. Verified Financial Institution Calls is a system that matches the phone number against information in the financial institution's app, rather than relying on its appearance. If the participating financial institution's app is installed on the device and the user is logged in, Android verifies the legitimacy of the incoming call in the background. If the financial institution's app determines that the call was not made, Android automatically terminates the call. Google says it will begin rolling out Verified Financial Institution Calls for Android 11 and later within the next few weeks, targeting financial app Revolut, Brazilian banking group Itaú, and Brazilian fintech company Nubank, and plans to expand the number of participating financial institutions in the second half of 2026.

To combat suspicious apps, the 'Live Threat Detection' feature, which uses on-device AI to analyze app behavior, will be enhanced. Newly, it will be able to detect actions such as forwarding SMS messages to a different number and exploiting accessibility permissions to display overlaid content that is difficult to see on the screen. Furthermore, it will be able to dynamically monitor suspicious patterns such as apps changing or hiding their icons and launching from the background.

For theft prevention, Find Hub's 'Mark as Lost' feature is enhanced. Android 17 allows you to add biometric authentication to your device's regular passcode or PIN. Even if a thief knows your PIN, it will be difficult to disable device tracking or regain access without facial recognition or fingerprint authentication. Marking a device as lost also enables hiding quick settings and disabling new Wi-Fi and Bluetooth connections.

Google has announced that it will enable anti-theft features such as remote lock and theft detection lock by default on new Android 17 devices, devices after a factory reset, and devices updated to the latest OS. Furthermore, it will make brute-force attacks more difficult by limiting the number of attempts allowed for PIN and password entry and increasing the waiting time after a failed attempt.

As a countermeasure against targeted attacks, 'Intrusion Logs' will be added to '

Advanced Protection Mode .' Advanced Protection Mode is a mode that enables multiple powerful protection features together for users who are at high risk of being attacked by spyware or forensic equipment. Intrusion logs record things like unlocking the device, installing and uninstalling apps, visiting websites and servers, and connecting to Android Debug Bridge .

According to TechCrunch, intrusion logs are created once a day and stored in an encrypted state in the user's Google account. Because they are stored in the cloud, there is an advantage in that the intrusion logs are less likely to be lost even if spyware tries to delete evidence on the device. It is also explained that only the user can access and share the logs with investigators, and Google cannot view the contents of the logs.

Amnesty International's Security Lab states that intrusion logs will change the quantity and quality of forensic data available on Android devices. In previous versions of Android, logs usable for investigations were often overwritten in a short period of time, and logs designed for intrusion detection were limited. Intrusion logs are said to be a feature that will support investigations based on the consent of users at high risk of spyware attacks, such as human rights activists and journalists.

In terms of privacy, Android 17 adds a temporary location sharing button and a new contact picker. The location sharing button allows you to share your exact location only while the app is open. The contact picker allows you to temporarily share only the contacts and items you need to the app, rather than your entire address book. The aim is to reduce excessive access to your location and contacts.

Google also announced the introduction of a feature that hides one-time passwords sent via SMS from many apps for three hours, a carrier setting that allows 2G to be disabled by default, and a verification feature to check official Android builds. Google says it will strengthen protection across Android against threats such as bank fraud, theft, targeted attacks, and sharing of unwanted data.