Verified Financial Calls: Turning Spoofed Bank Calls into Dead Lines
Google is putting bank scammers directly on mute with a new verified financial calls feature. Phone spoofing, where fraudsters fake a bank’s caller ID using internet-based calling tools, is estimated to cost users USD 950 million (approx. RM4,370,000,000) annually worldwide. To counter this, Android will now check in real time with your installed banking app when it says it’s calling you. If the bank’s app confirms the call is genuine, it goes through; if not, Android automatically hangs up before you even say hello. The feature will support select banks initially and works on devices running Android 11 and above, making it a major part of Android 17 security features but not limited to the newest phones. Combined with upgrades like Live Threat Detection and OTP hiding, Google is treating phone calls as a frontline in the fight against financial scams.
Location Tracking Control and Contact Picking: Privacy with One Tap
Android privacy updates in Android 17 focus heavily on making location and contact access more transparent and temporary. A new on-screen location button lets you grant precise location only while an app is open, then automatically revokes it once you close the app—no more permanent permissions for occasional tasks. A persistent location indicator will appear whenever any app taps your location, and you can open a “Recent app use” dialog to see which apps accessed it and adjust permissions instantly. Alongside this, a redesigned contact picker lets you share only specific contacts instead of your entire address book, and apps can request just the fields they truly need. Together, these tools give users sharper location tracking control and finer-grained contact sharing, pushing developers toward a data-minimizing model that still lets apps function smoothly without hoarding personal information.
Live Threat Detection and Advanced Protection: Defending Against Rogue Apps
Beyond calls and location, Android 17 security features deepen protection against malicious apps and sophisticated attacks. Live Threat Detection, powered by on-device AI, will monitor for apps silently forwarding SMS messages or abusing accessibility permissions to display hidden content. A new dynamic signal monitoring layer watches for behavior such as apps changing or hiding their icons before running in the background—classic malware tactics—and lets Google push updated threat rules as attackers evolve. For high-risk users, Advanced Protection mode is getting stricter: it limits accessibility services to genuine accessibility tools, disables device-to-device unlocking and Chrome WebGPU, and adds scam detection for chat notifications. Features like USB protection, Intrusion Logging, and Android OS verification further harden the platform. These Android privacy updates show Google shifting from one-off safeguards to a constantly adapting defense system baked into the operating system.
Theft Protections and Find Features: When Your Phone Goes Missing
Android 17 is also designed to protect your data and identity if your device is stolen. Google is expanding its default-on theft protections so that Remote Lock and Theft Detection Lock are enabled automatically on new and freshly reset devices running the latest OS. These features can recognize suspicious movement and lock the phone, reducing the window thieves have to access your data. The Find Hub’s Mark as Lost tool will now require biometric authentication to unlock a flagged device, preventing someone who knows your PIN from turning off tracking or digging through your information. Triggering Mark as Lost will additionally hide Quick Settings and block new Wi-Fi and Bluetooth connections. Fewer allowed PIN guesses and longer delays between attempts also make brute-force attacks harder, turning a stolen phone into a far less valuable target.
Signal’s New Phishing Protection: Social Engineering Meets Its Match
While Android 17 tightens OS-level defenses, apps like Signal are stepping up phishing protection inside conversations themselves. Responding to targeted phishing campaigns against journalists and officials, Signal has introduced several in-app safeguards. A prominent “name not verified” notice reminds users that display names are self-set and cannot be trusted as proof of identity, making it harder for scammers to impersonate trusted contacts or the platform itself. When you receive a message request from an unknown number, Signal now adds an extra confirmation step to encourage accepting only people you actually know, mirroring cautious flows seen in other messengers. The app also surfaces clear safety guidance, warning that Signal will never ask for your PIN, registration code, or recovery key. It highlights vague openers, suspicious links, and unsolicited financial tips as red flags, helping users recognize social engineering tricks in real time.
