Android 16: Google secures the USB port better
Android 16 receives an additional security layer to protect smartphones against attacks via USB ports.
Google Android bugdroid before lock icon.
(Image: Primakov/Shutterstock.com)
A function discovered by Android Authority in Android 16 Beta 4 is part of an optional new protection function designed to prevent a targeted attack on locked smartphones via the USB port. The function is likely to be aimed primarily at users such as journalists or activists who store particularly sensitive data on their smartphones and could be targeted by hackers.
New Android security function blocks USB data signing
With the enhanced security function, malicious actors can no longer connect USB peripherals such as keyboards to the locked smartphone to overcome the security lock using a brute force attack, for example. This scenario is not just theoretical: Amnesty International's Security Lab documented a zero-day USB driver vulnerability in February 2025 that was used to penetrate the Android smartphone of an activist in Serbia.
Videos by heise
As demonstrated in the embedded video, it is not possible to connect peripherals such as a keyboard with activated protection to the smartphone. A notification explains that the external keyboard can only be connected when the device is unlocked.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externes YouTube-Video (Google Ireland Limited) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (Google Ireland Limited) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
The security function is not yet officially available. According to Android tinkerer Mishaal Rahman, it will be part of Android 16, although it is unclear whether it will appear with the final version, which will be released in June. It could also be released in a subsequent update.
Juice jacking fixed a long time ago
The newly discovered function is not about protection against the still frequently mentioned so-called “juice jacking”, in which attackers attempt to install malware via the USB port of smartphones. This has not been possible on Android or iOS devices for a long time due to appropriate precautions at software level.
Google and Apple introduced corresponding protection mechanisms against juicejacking several years ago. Users must explicitly allow devices that are connected via a USB port to access smartphone data.
(afl)
