Verified financial calls and smarter Android scam protection
Google’s latest Android security updates take direct aim at phone scams that cost users an estimated USD 950 million (approx. RM4.37 billion) annually worldwide. The standout feature is verified financial calls, which cross-checks incoming calls claiming to be from your bank with the official banking app on your phone. If the app reports it isn’t calling, Android automatically hangs up, cutting off spoofed calls before you even say hello. The feature will roll out soon to devices on Android 11 and above, initially supporting banks like Revolut, Itaú, and Nubank, with more to follow. Android’s Live Threat Detection is also expanding, using on-device AI to spot apps that silently forward SMS messages, misuse accessibility permissions, or hide their icons to run in the background. Together, these Android security updates are designed to shut down common scam tactics before they reach your wallet.
Location tracking privacy and data controls in Android 17
Android 17 introduces several tools that give you more control over how apps see your location and contacts. A new location button lets you grant precise location access only while an app is open. Once you close it, permission is automatically revoked, reducing long-term background tracking without constant pop-up prompts. A prominent on-screen indicator at the top of your display shows whenever any app is accessing your location, similar to existing camera and microphone indicators. Tapping it opens a “Recent app use” panel where you can quickly adjust permissions. Android 17 also adds a redesigned contact picker so you can share only specific contacts or fields instead of your entire address book. Developers are being pushed to adopt these changes to comply with Google Play rules, meaning more apps should soon respect fine-grained location tracking privacy and contact access by default.
Encrypted RCS messaging between Android and iPhone
Apple and Google have jointly rolled out RCS end-to-end encryption for messages between Android phones and iPhones, replacing insecure SMS with a modern, privacy-focused standard. Built on the Messaging Layer Security protocol and codified into the RCS Universal Profile 3.0, this upgrade ensures that messages can only be read on the devices participating in the conversation—neither Apple, Google, nor carriers can see their contents in transit. In practice, once the feature is enabled in compatible versions of Google Messages and iOS, you’ll see a small lock icon indicating a secure RCS chat. Carrier support is still essential, but many major networks already back the feature. For users, this means green-bubble chats finally gain protections closer to secure chat apps, closing a long-standing security gap in everyday texting and making cross-platform conversations significantly safer by default.
Signal’s new phishing protection and social engineering defenses
Signal is tightening its defenses against phishing and social engineering attacks that try to trick users into revealing sensitive information. The app now flags profiles with a “name not verified” notice, reminding you that display names are user-chosen and cannot be trusted as proof of identity. When you receive a message request, Signal introduces an extra confirmation step, encouraging you to accept chats only from people you genuinely recognize—similar to how other messaging apps handle unknown numbers. The interface also surfaces clear, in-app guidance: Signal will never ask for your PIN, registration code, or recovery key, so any chat making such requests is a scam. The app further highlights vague openers, suspicious links, and conversations pushing financial tips as warning signs. These phishing protection measures make it easier to spot impostors and reduce the risk of being lured into sharing private data or account access.
Why these updates matter: a coordinated push against scams and tracking
Taken together, Android 17’s anti-scam tools, new location controls, RCS end-to-end encryption, and Signal’s in-app safeguards signal a coordinated security push across major platforms. On the device level, verified financial calls, hidden one-time passwords, and Live Threat Detection make it harder for malicious apps and scammers to hijack calls, intercept codes, or hide in the background. New theft protections, stricter accessibility limits in Advanced Protection mode, and biometric checks for unlocking lost devices further raise the barrier for physical and remote attacks. At the messaging layer, encrypted RCS closes the gap between traditional texting and secure chat apps, while Signal’s phishing protection addresses the human side of security by helping users spot social engineering attempts. For everyday users, this means fewer silent trackers, safer conversations, and a reduced chance that a single tap or call turns into a costly mistake.
