Google's Android Show: More security and privacy

Contents

On the occasion of the Android Show, Google provided an overview of new security functions, some of which have been known for a short time. Android 16 is set to significantly improve the level of protection once again.

Google lists many features. For example, Android 16 will improve protection against fraudulent calls. As fraudsters often persuade their victims to carry out actions that give the attackers access to the devices, certain settings can no longer be made during a phone call: for example, deactivating Google Play Protect, sideloading apps using a web browser, messaging app or similar, or accessibility settings that allow malicious apps to gain control of the device. If screen sharing is enabled during a call, Android 16 will remind you to stop screen sharing.

Fraud via screen sharing

According to Google, fraud involving screen sharing is an increasingly "normal" attack vector. In the pilot phase, Android (from version 11) warns against opening banking apps from participating banks during a screen sharing session with an unknown contact. Those affected are given the option of ending the call and the screen sharing session with a tap on the screen. Google has also recently added real-time fraud detection using artificial intelligence in Messages and the phone app, which should also protect against fraud.

Finally: Key Verifier brings verified contacts

What messengers such as Signal have long been able to do, Google is now bringing to the Contacts app with the Key Verifier. Using QR codes, known users can identify each other once. The process uses public key cryptography, which means that messages in Google Messages are also encrypted end-to-end. This should ensure that you are really communicating with the right person at the other end and that the conversation remains confidential.

Google has also improved theft protection. Several functions are designed to protect the victim's data and finances in the event of theft. Since the features were released last year, they have already protected data on devices that have fallen into the wrong hands in hundreds of thousands of cases. This includes smartphones that were automatically locked using "Remote Lock" or "Theft Detection Lock" and remained in this state for more than 48 hours. Google wants to further strengthen these functions: remote device lock is to be given a security question. Protection against resetting to factory settings is to follow this year, restricting functions on devices that have been reset without the owner's authorization.

Google has also added an identity check for Pixel smartphones and Samsung's "One UI 7" devices, which adds an extra layer of security even if the PIN or password has been compromised – certain settings and functions simply require biometric approval. This will now be rolled out to more supported devices running Android 16.

Advanced Protection extended

As has been the case for years, Google is also expanding Advanced Protection. There are a total of four new settings, some of which have been known for a short time.

"Intrusion Logging" logs data end-to-end encrypted in the cloud. Google wants to protect privacy, but does not say how. The logs are intended to allow investigations to be carried out if there is any suspicion that an Android device has been compromised. After three days of inactivity, Android devices restart themselves if "Inactivity Reboot" is active. It became known around two weeks ago that Google is improving the protection of USB ports against attacks. Another new feature is the option to prevent devices protected with Advanced Protection from automatically reconnecting to Wi-Fi networks that are considered insecure, such as those that do not use encryption or only use WEP (Wired Equivalent Privacy) or OWE (Opportunistic Wireless Encryption, e.g. in public networks).

Google Play Protect will also feature live threat detection. This will initially be available on Google smartphones from the Pixel 6 and an unspecified selection of new devices from other manufacturers in the coming months. In addition to static detection, Google wants to examine apps that Play Protect is not yet aware of with AI-supported real-time scans before installation.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(dmk)