Google Unveils Major Android Security Overhaul to Combat Fraud and Theft
Google is rolling out a major security update across the Android ecosystem, introducing AI-driven threat detection, verified financial call authentication, and expanded anti-theft measures to combat rising mobile fraud and device theft.
Google has announced a comprehensive suite of security enhancements for the Android ecosystem, targeting financial fraud, device theft, and malicious application behavior. The update, which spans multiple Android versions, introduces a "verified financial calls" system designed to combat bank caller ID spoofing, a practice responsible for an estimated $980 million in annual global losses Help Net Security.
The verified financial calls feature works by cross-referencing incoming calls against the official banking application installed on the user's device. If a call claims to be from a participating institution but the app reports no active communication, the system will automatically terminate the connection. Additionally, banks can designate specific numbers as "inbound-only," ensuring any outgoing call from those numbers is blocked. This feature will initially roll out to Android 11 and newer devices in partnership with Revolut, Itaú, and Nubank Help Net Security.
To address malicious app behavior, Google is introducing "Live Threat Detection" for Android 17. This on-device AI system monitors application-system interactions in real time, specifically flagging SMS forwarding and the abuse of accessibility overlays. Complementing this, Chrome on Android is receiving enhanced download-time checks; with Safe Browsing enabled, the browser will now evaluate APK files for known malware and block the download of harmful packages Help Net Security.
Theft protection is also receiving a significant overhaul. Android 17 will require biometric authentication to unlock a device marked as "lost," preventing thieves from bypassing security even if they have observed the user's PIN. Furthermore, marking a device as lost will now disable Quick Settings and prevent new Wi-Fi or Bluetooth pairings. These protections are being deployed globally, with automatic activation for devices running Android 10 or higher in Argentina, Chile, Colombia, Mexico, and the UK Help Net Security.
Additional hardening measures include the "Advanced Protection" mode, which in Android 17 will restrict accessibility service access to verified tools, disable device-to-device unlocking, and turn off Chrome WebGPU support. For privacy, Android 17 adds a one-time location sharing option and a redesigned contact picker that limits app access to specific fields. Finally, the introduction of "AISeal" with pKVM provides a hardware-backed isolation layer for processing ambient data, ensuring AI workloads remain within a verified environment Help Net Security.
These updates reflect a broader industry trend of shifting security responsibilities from the user to the operating system through automated, hardware-backed, and AI-driven defenses. By integrating protections directly into the OS—such as the restriction of accessibility services and the automation of theft-deterrence features—Google aims to reduce the window of opportunity for attackers. Future developments will likely focus on expanding these automated protections to enterprise environments and further refining on-device AI to detect evolving social engineering tactics.