Android beefs up security measures with theft protection and anti-scam tools

By Liu Hongzuo - on 16 May 2024, 1:00am

Some might say these features are probably more important than any of the fancier ones launched alongside the other Google I/O 2024 announcements.

Amidst all the sexy Google I/O 2024 announcements like Gemini, Google Search, Google Maps, and a new version of Android coming up, come essential security upgrades that fundamentally change how Android mobiles help to protect their users in both the physical and online world.

Google today (16 May 2024) announced several Android security features that look into theft protection, data protection, fraud prevention, and anti-scam measures. It’s a lot to go through, but the features mainly fall under two categories: mitigating the outcomes of a snatch theft, and preventing screen sharing from being too useful to scammers and malicious apps.

Data protection to deter theft

Theft deterrence aims to make Android phones less desirable as a target for theft and robberies.

The security team at Android said that it has implemented a host of features to deter criminals from finding Android phones lucrative enough to target them for thefts.

First, factory reset upgrades now prevent resets done by thieves. If an Android phone goes through a factory reset, the device requires your Google Account credentials or knowledge of the device to set it up as a brand new device. This renders a device unsellable, which Google said should disincentivise thefts.

Private Space helps you keep your important apps out of sight.

Also, Android now comes with a Private Space for sensitive apps. The team said that this helps mitigate knifepoint or gunpoint robberies where victims are forced to unlock phones to facilitate fund transfers on-the-spot. Private Space is a built-in feature where users can store important apps and hide them away from view with a separate PIN.

Now, disabling Find My Device tracking or extending screen timeout also requires a PIN, password, or biometric authentication, which makes it harder for criminals who keep your phone awake (to access data).

In the event that a thief knows your PIN, Google has also thwarted that by requiring additional authentication (like biometrics) for changing critical Google Account credentials and device settings.

AI-powered screenlock when it detects a snatch theft

Android now also comes with the ability to determine snatch thefts when users are busy on their phones — the on-board AI can now detect if someone snatches your phone from your hand and tries to run, bike, or drive away.

With the features called Theft Detection Lock and Offline Device Lock, the phone screen automatically locks itself when it detects such motions, preventing easy data access. This update will roll out to Android 10 or newer devices “later this year”.

Remote Lock through Find My Device

Remote Lock.

If you misplace your Android phone and it’s not coming back to you, you can now lock your device remotely.

With the feature, called Remote Lock, users can lock their Android device by borrowing another device and punching in their phone number with a quick security challenge inside Find My Device. This would allow the user more time to recover account details and use other protection tools, like remotely wiping the phone for their data privacy and safety.

Like the above feature, Remote Lock is also rolling out to Android 10 or newer devices “later this year”.

Financial fraud and scam protection

Anti-scam measures go beyond software and hardware with Android's new features.

Besides alerting Android users if they seem to be in the midst of a scam call, the operating system is also making things harder for scammers who guide their victims through screen sharing. These adjustments also make it hard for stealthy malware to record sensitive data or use the phone in the user’s absence.

Currently, Google Play Protect has Live Threat Detection, where it uses on-device machine learning to observe malware-like behaviours on your phone. This helps identify malware that lies dormant on a victim’s phone for extended periods. The offending app also gets sent back to Google for another review.

Screen sharing plays a huge role for scammers, and that's receiving a huge nerf.

There’s also Single App Screen Sharing, which limits any screen-sharing activities to the selected app. This means notifications are not captured during screen sharing, and viewers would be met with a blank screen if the sharer exits the app. 

OTPs are now redacted if there's anyone else remotely viewing your screen.

Extra protections also include omitting information. During a screen share or screen recording, notifications containing OTPs (one-time passwords) are not recorded, even during a device-wide screen share. Other viewers would only see a notification, but no details are shown since it’s redacted.

In a similar vein, the shared screen also blanks out when a user is entering login credentials. Viewers (or in this case, scammers) would only see a black screen during any login process.

Play Integrity API enhancements

Other legit apps can now do a special kind of attestation request, where it asks Android to check if a user's phone is safe enough to run their app.

Remember when banking apps in Singapore received enhanced measures where these apps could detect if there was malware on a user’s phone and simply refuse to work if so?

Google not only introduced the Play Integrity API, but is also enhancing it further. App developers of sensitive apps, like banking or government services, can include an integrity API where Android can play a part in detecting if a phone has apps installed from third-party sources (e.g. through an unofficial app store, from the Internet, etc.). Such access to the Integrity API is not limited to financial apps, as messaging apps and more can also request it.

Such apps with these integrity checks enabled can request users to disable these dodgy apps before agreeing to work. According to Google, Play Integrity API has strict requirements to prevent abuse, which requires valid reasons and requests for certain app permissions for the developer to consider a phone unsafe.
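
An added example, not from the article or from Google: a server-side policy over an already decoded Play Integrity verdict, showing how an app could choose between refusing to work and asking the user to close a flagged app. The field and label names follow Google's published verdict format; the decision names, the policy itself and the sample payloads are assumptions constructed for illustration.

```python
# Added example. Input is a verdict that has already been decoded and
# verified; obtaining it is out of scope here.
BLOCKING_PLAY_PROTECT = {"MEDIUM_RISK", "HIGH_RISK"}  # assumed threshold

def evaluate(verdict):
    """Map a decoded verdict to (decision, reasons).

    Decisions (hypothetical names): ALLOW, ASK_USER, STEP_UP, BLOCK.
    """
    device = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    if "MEETS_DEVICE_INTEGRITY" not in device:
        return "BLOCK", ["device integrity not met"]

    env = verdict.get("environmentDetails", {})
    if env.get("playProtectVerdict") in BLOCKING_PLAY_PROTECT:
        return "BLOCK", ["Play Protect reports " + env["playProtectVerdict"]]

    # Assumption: a missing appsDetected list means "not evaluated",
    # so the policy does not treat it as a clean result.
    apps = env.get("appAccessRiskVerdict", {}).get("appsDetected")
    if apps is None:
        return "STEP_UP", ["app access risk not evaluated"]

    # Apps currently able to capture the screen or control the device.
    active = sorted(a for a in apps if a.endswith(("_CAPTURING", "_CONTROLLING")))
    if active:
        return "ASK_USER", ["close apps flagged " + ", ".join(active)]

    # Non-Play apps that are merely installed are noted, not blocked.
    reasons = ["non-Play apps installed"] if "UNKNOWN_INSTALLED" in apps else []
    return "ALLOW", reasons

def sample(apps=None, play_protect="NO_ISSUES", device=("MEETS_DEVICE_INTEGRITY",)):
    """Build a constructed verdict payload for the demo below."""
    risk = {} if apps is None else {"appsDetected": list(apps)}
    return {
        "deviceIntegrity": {"deviceRecognitionVerdict": list(device)},
        "environmentDetails": {"appAccessRiskVerdict": risk,
                               "playProtectVerdict": play_protect},
    }

if __name__ == "__main__":
    for name, v in {
        "clean": sample(["KNOWN_INSTALLED"]),
        "screen share": sample(["KNOWN_INSTALLED", "UNKNOWN_INSTALLED", "UNKNOWN_CAPTURING"]),
        "malware": sample(["KNOWN_INSTALLED"], play_protect="HIGH_RISK"),
        "unevaluated": sample(None),
    }.items():
        print(name, evaluate(v))
```
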
