Verified Bank Calls Aim to Shut Down Phone Fraud
Android 17 puts financial scams in the crosshairs with a new “verified financial calls” system that targets caller ID spoofing. Phone scammers routinely impersonate banks, a tactic linked to an estimated USD 980 million (approx. RM4.5 billion) in annual losses worldwide. To counter this, Android now checks incoming calls against the official app of a participating bank or financial institution. If the app confirms no active call, Android automatically cuts the line. Banks can also flag certain numbers as inbound-only so any outgoing call from those numbers is blocked on the spot. The feature is rolling out on Android 11 and above with early partners including Revolut, Itaú, and Nubank, with broader expansion planned. Together with network-level scam call blocking, this gives users a clearer signal about which “bank” calls they can trust and which to ignore.
AI-Powered App Threat Detection and Safer Downloads
Android 17 expands app threat detection with Live Threat Detection, an on-device AI system that continuously watches for suspicious behavior. It now flags apps that try to forward SMS messages or abuse accessibility overlays, both common tactics in fraud and malware. Dynamic signal monitoring lets Google push new detection rules without waiting for a full OS update, helping Android respond faster to emerging threats. Chrome on Android adds another layer by scanning APK downloads when Safe Browsing is enabled, blocking known malicious packages before they reach the device. Advanced Protection mode also tightens the screws: apps not labeled as accessibility tools lose access to those powerful services, device-to-device unlocking is disabled, and scam detection extends to chat notifications. The result is a more proactive Android 17 security posture that catches risky apps earlier and limits the damage if one slips through.
Phone Theft Protection Gets Default-On and Harder to Bypass
Android 17 significantly raises the bar for phone theft protection by integrating deeper with Find Hub’s Mark as lost feature. Once a device is flagged as lost, biometric authentication is required on top of the PIN or passcode, reducing the risk that a thief who has observed the code can unlock the phone. The system also hides Quick Settings and blocks new Wi-Fi and Bluetooth pairings, making it harder for attackers to disconnect tracking or pair rogue accessories. Default-on theft protections are being expanded globally for new Android 17 devices and for phones that are reset or upgraded to the latest OS. Remote Lock and Theft Detection Lock can now trigger automatically, cutting off access more quickly. Android 17 further reduces the number of allowed PIN guesses and increases the waiting time between failed attempts, while exposing the IMEI from the lock screen to help verify ownership.
On-Device AI Isolation and Smarter Scam Call Blocking
Beyond app checks, Android 17 introduces AISeal with pKVM, a hardware-backed isolation layer designed for sensitive AI workloads. It works alongside Private Compute Core and Private AI Compute so that ambient data and threat detection models can run locally in a verified environment, without shipping raw personal data off the device. This architecture supports more advanced scam call blocking and app threat detection while preserving user privacy. Android’s live threat analysis can inspect patterns like unusual overlay use or background activity in real time, then update its models securely. Scam detection is also being woven into notifications, including chats, to catch social-engineering attempts before users act on them. Combined with OS verification—which lets users confirm their phone is running an official Android build—these measures turn Android 17 into a platform where both the security checks and the AI that powers them are locked down by design.
Granular Privacy Controls for Location, Contacts, and One-Time Codes
Android 17’s privacy upgrades give users more control over how apps access sensitive data. A new one-time location button lets you share precise location only for the duration of a specific task while an app is open, instead of granting blanket access. A prominent indicator at the top of the screen shows when location is being used, mirroring existing cues for camera and microphone. The redesigned contact picker allows apps to request specific contacts or fields rather than the entire address book, and these permissions can be kept temporary. To combat OTP theft, one-time passwords are automatically hidden from most apps for three hours after arrival. Android 17 also introduces carrier-configurable default-off settings for 2G connectivity and rolls out post-quantum cryptography across its data protection stack. Together, these controls tighten the flow of data that scammers and malicious apps often depend on.