Google on Tuesday unveiled a range of security upgrades in Android 16, introducing a new Advanced Protection setting and advanced tools to counter scams and theft. These updates prioritize safeguarding all users, particularly high-risk groups like journalists and elected officials.
Advanced Protection Integrated into Android 16
Il-Sung Lee, Android Security Group Product Manager, said Google is enhancing its Advanced Protection Program with a setting embedded in Android 16. “This offers stronger defenses for anyone seeking extra security,” Lee noted, emphasizing its ease of use.
Once activated, Advanced Protection brings together Android’s top security features to defend against malicious apps, data leaks, and online threats, with no technical expertise required for easy activation and broad accessibility.
Key features include:
- Combined security: Essential protections are activated automatically.
- Intrusion Logging: A unique Android tool that securely stores tamper-resistant device logs, accessible only by the user, for analyzing potential breaches.
- App support: Security settings apply to Google apps like Chrome, Google Messages, and Phone by Google, with future third-party app integration planned.
- Secure settings: Enabled features cannot be easily turned off, maintaining consistent protection.
How Advanced Protection Fortifies Your Android Device
Advanced Protection activates and secures both existing and new security features, ensuring they remain enabled and cannot be disabled across key protection areas.
Stronger Protections Against Phone Scams
Dave Kleidermacher, VP of Android Security and Privacy, said Android devices, such as the Pixel 9 Pro, are highly ranked by experts for anti-fraud capabilities. “We’re introducing new measures to shield users from scams and theft,” he added.
Android 16’s in-call protections block risky actions exploited by scammers, including:
- Turning off Google Play Protect, the built-in service that checks apps for potentially harmful activity.
- Installing unverified apps from browsers or messaging apps.
- Granting accessibility permissions that might let apps take control of devices or access sensitive data, such as banking information.
These safeguards, active only during calls with unknown contacts, operate on-device. These protections are available on Android 6+ for Google Play Protect and on Android 16 for sideloading and accessibility permissions, with Android also prompting users to stop screen sharing after calls to minimize fraud risk.
Banking App Security Pilot
To address screen-sharing fraud, where scammers pose as banks or authorities, Google is piloting in-call protections for banking apps in the UK.
On Android 11+ devices, launching a participating banking app while screen sharing with an unknown contact triggers a warning and an option to stop sharing and end the call.
Google is working with UK banks Monzo, NatWest, and Revolut to trial this feature, with plans to evaluate results before expanding.
Upgraded Scam Detection in Messaging
Google’s AI-driven Scam Detection in Google Messages and Phone by Google now identifies a broader range of scams, including crypto fraud, fake billing fees, gift card schemes, technical support scams, and financial impersonation.
Kleidermacher noted that real-time alerts help users avoid scams, with all processing done on-device to ensure privacy. Users have the option to turn off Scam Detection through the settings in Google Messages
Confirming Message Sender Identity
To fight impersonation scams, Google will introduce Key Verifier on Android 10+ devices later this summer, allowing users to verify contact identities in Google Messages using encryption keys, confirmed through QR codes or number comparison.
If a contact’s verification status changes, such as after a SIM swap, the Google Contacts app flags it, ensuring secure, end-to-end encrypted communication.
Enhanced Theft Defenses
Google’s theft protection suite, launched last year, has protected data on hundreds of thousands of devices, with features like Remote Lock and Theft Detection Lock keeping stolen devices secure for over 48 hours.
New updates include:
- Identity Check: Now available on Pixel, Samsung One UI 7, and soon on other Android 16 devices, this feature boosts security even if a PIN or password is compromised.
- Stricter Factory Reset rules: Unauthorized resets limit device functionality.
- Concealed one-time passwords: OTPs are hidden on the lock screen in high-risk scenarios until the device is unlocked.
- Remote Lock verification: A security question ensures authorized remote actions.
Improved Google Play Protect
Google Play Protect now uses on-device machine learning to detect apps that hide or change icons, a tactic used by malicious apps. It also scans for text or binary patterns to identify malware quickly.
This feature, launching on Pixel 6+ and select new devices soon, applies to all app sources. Android users with Google Play Services worldwide benefit from these updates.
Continuous Security Advancements
Android 16 users enabling Advanced Protection access core features immediately, with additional tools—like USB protection, Scam Detection for Phone by Google, and disabling auto-reconnect to insecure Wi-Fi—rolling out later in 2025.
Kleidermacher said Google collaborates with Android partners and the security community to innovate and ensure user safety.