Google’s biggest Android security push targets modern scams
Google is rolling out one of its most ambitious Android security upgrades yet, unveiled at the Android Show I/O Edition. Instead of relying on a single protection, Google is layering several Android security features that work together against today’s most common threats: financial scams, malicious apps, and stealthy tracking. The headline change is a verified financial calls system that aims to stop spoofed bank calls before you even say hello. A new OS verification Android capability will help you confirm that your phone is running an official, unmodified version of the operating system. And Android 17 is also adding tighter location tracking control, so apps can’t quietly keep tabs on you in the background. Combined with improved scam detection and theft protections, these changes signal a shift toward more proactive, automated defenses that step in even when users might not notice something is wrong.
Verified financial calls: Android hangs up on spoofed bank numbers
Financial fraudsters lean heavily on caller ID spoofing, using internet-based calling tools to impersonate banks and trusted institutions. Europol estimates such scams lead to annual losses of more than 850 million euros, while phone spoofing overall is said to cost users around USD 950 million (approx. RM4,370,000,000) each year. Google’s answer is a verified financial calls feature for Android 11 and above. If you have a participating bank’s app installed and are signed in, Android will query that app in real time whenever a call claims to be from the bank. If the app confirms that no one is actually calling you—or that the number is marked as inbound-only—the system triggers spoofed call blocking and ends the call automatically. The rollout starts with banks such as Revolut, Itaú, and Nubank, with broader support promised, making this a cornerstone anti-fraud measure inside the dialer itself.
OS verification: Checking if your Android is the real thing
As attackers move beyond apps and into modified operating systems, Google is adding a deeper integrity check with OS verification Android tools in Android 17. Google says bad actors are distributing malicious Android builds that mimic the official interface while quietly undermining device security. The new OS verification feature will show whether your phone is running an official, widely distributed Android build, surfacing details like Play Protect status, bootloader state, and build information in a single interface. There also appears to be an option to verify your OS with another device for an extra layer of assurance, though Google has not detailed how that will work yet. OS verification will launch first on Pixel phones with the stable Android 17 release before other manufacturers adopt it, giving users a straightforward way to check if the foundation of their device can be trusted.
Location tracking control and data minimization in Android 17
Scams aren’t the only threat Google is targeting; quiet, long-term tracking by legitimate-looking apps is also in focus. Android 17 introduces a new location button that lets you grant precise location access only while an app is open. Once you close it, the permission is automatically revoked, shutting down persistent background tracking without constant pop-ups. A new on-screen indicator will light up whenever any app accesses your location, similar to existing camera and microphone indicators. Tapping it reveals which apps have recently used your location and gives you instant access to a “Recent app use” dialog to adjust permissions. A redesigned contact picker further limits data exposure, allowing you to share only specific contacts and fields instead of your entire address book. Together, these changes give users much tighter location tracking control and finer-grained privacy over personal data that many apps previously collected by default.
How Android’s layered defenses change everyday security
The new Android security features are designed to complement, not replace, existing protections like Live Threat Detection, theft safeguards, and OTP shielding. Android’s scam-fighting toolkit now spans from the network edge—where verified financial calls preempt spoofed call blocking—to the OS core, where OS verification checks for tampered firmware. At the same time, permission tools in Android 17 clamp down on overreaching apps, automatically curbing background location access and limiting contact visibility. This layered approach matters because attackers increasingly combine techniques: a fake OS, a malicious app with accessibility abuse, and a convincing spoofed phone call can all work together in a single scheme. By making it easier for users to see what’s happening—and by letting the system automatically intervene—Google is shifting Android toward a more managed, less error-prone security posture that better reflects how real-world scams and tracking attempts actually unfold.