Android shifts to automatic, always‑on security
Google is rolling out 12 Android security upgrades designed to stop scams, malware, and spyware without relying on users to spot danger themselves. Announced at the Android Show I/O Edition, the changes mark a clear shift toward automatic, passive defense: the system now quietly inspects calls, apps, and downloads in real time, stepping in when something looks suspicious. Scam call blocking, malware protection on Android, and new spyware safeguards are all integrated into the OS and Google’s on-device AI. Instead of nagging users with constant prompts, Android increasingly makes security decisions on their behalf—only surfacing alerts when it detects behavior that could put money, data, or privacy at risk. The goal is to tackle growing threats such as financial fraud and covert surveillance by cutting scammers and attackers off before they ever reach the home screen.
Verified financial calls: scam call blocking before the phone even rings
The headline upgrade is verified financial calls, a feature that automatically ends spoofed calls claiming to be from your bank or financial institution. Phone spoofing, where scammers fake caller IDs using internet-based calling, is estimated to cost users USD 950 million (approx. RM4.4 billion) annually worldwide. Android now cross-checks incoming calls with supported banking apps installed on your device; if your bank’s app confirms it isn’t calling, the system hangs up before you can even pick up. This automatic scam call blocking initially supports Revolut, Itaú, and Nubank on Android 11 and newer devices, with more banks expected later. It’s part of a broader move toward proactive Android security upgrades that stop fraud in real time, closing one of the most lucrative channels criminals use to hijack financial accounts and trick users into revealing credentials or authorizing bogus transfers.
Live Threat Detection and Chrome scans boost malware and spyware defense
Beyond calls, Google is strengthening malware protection on Android with new behavioral monitoring and download scanning. Live Threat Detection uses on-device AI to watch what apps do after installation, flagging software that secretly forwards SMS messages, abuses accessibility permissions, or hides its icon to run in the background—classic malware and spyware tactics. Android 17 adds dynamic signal monitoring, letting Google push updated threat rules in real time as new attack patterns emerge. On the web side, Chrome for Android will scan APK files with Safe Browsing before downloads finish, blocking known malicious apps before they touch your storage. Android will also automatically hide one-time passwords for several hours so rogue apps with SMS access can’t intercept them. Together, these Android security upgrades emphasize automatic intervention over manual checks, closing gaps that attackers have used to bypass traditional app reviews and permissions.
Location tracking privacy and contact controls in Android 17
Android 17 introduces a dedicated location button that lets you grant an app precise location only while it’s open; once you close it, background access is automatically revoked. This is a direct response to growing concern over apps quietly tracking users’ movements in the background. An on-screen location indicator, similar to the camera and microphone icons, will appear whenever any app taps your location. Tapping it reveals a “Recent app use” panel, where you can see which apps accessed your location and adjust permissions on the spot. A new contact picker further tightens data access by allowing apps to see only specific contacts and only the fields they genuinely need, instead of your entire address book. These tools give users straightforward, real-time control over location tracking privacy and contact sharing, while Google Play policy will nudge developers to adopt them as standard.
Advanced Protection, theft defenses, and what the overhaul means for users
For high-risk users such as journalists and activists, Google is expanding Advanced Protection Mode with features aimed at sophisticated spyware and physical compromise. Intrusion Logging now creates encrypted forensic logs stored in the user’s Google account, capturing unlock events, app installs, server connections, and even the use of forensic tools, instead of letting logs be quietly overwritten. USB protection has rolled out to Pixel devices, and Android 17 will block accessibility services for apps that are not true accessibility tools, disable device-to-device unlocking, and add scam detection for chat notifications. On the physical side, Remote Lock and Theft Detection Lock become default-on for Android 17 devices, while Find Hub’s Mark as Lost requires biometric authentication and disables quick settings and new wireless connections. Altogether, these upgrades reframe Android security as a mostly automatic safety net that shields finances, data, and location with minimal user effort.
