Photo credit: www.androidauthority.com

Google Introduces New Security Feature to Combat Phone Scams in Android 16

Google is enhancing the security measures within its Android operating system to counteract increasing phone scams. The upcoming Android 16 will incorporate a new feature designed to restrict users from altering specific sensitive settings while on a phone call. This initiative primarily targets settings that fraudsters often exploit, such as enabling application installations from unknown sources, commonly referred to as sideloading, and granting accessibility permissions.

Update, February 14, 2025 (04:41 PM ET): Further investigations reveal that the in-call anti-scam protections are already operational in Android 16 Beta 2. A demonstration showcasing these features has been made available for users to observe their functionality.

Original article, February 14, 2025 (05:00 AM ET): As technology advances, especially with the rise of artificial intelligence, the tactics employed by scammers have become increasingly sophisticated. These deceitful actors commonly use psychological manipulations to coerce individuals into providing financial information or access to sensitive online accounts. Given the prevalence of such scams, Google is taking proactive steps to safeguard users by implementing this new security feature in Android 16.

Scammers typically engage potential victims by guiding them through processes that allow for the installation of malware, often requiring the victim to grant permissions that could compromise their device’s security. For many, the concept of sideloading apps may not be familiar, enabling scammers to maintain their hold over the call while providing step-by-step instructions.

To counter this, Android 16 aims to inhibit the ability to modify the sideloading permission when an active phone call is in progress. Internal coding from the Android 16 Beta 2 has confirmed this protective measure:

Code
Allowing apps to install other apps is not allowed during a phone call.

Such protective measures are prudent, as scammers frequently request actions such as enabling sideloading during their conversations. If users are encouraged to perform these actions by an unfamiliar caller, it raises the potential for a scam.

The sideloading function, while useful, is often disabled by default to prevent the distribution of malicious software that typically occurs outside authenticated app stores. Users must navigate through several settings to enable this feature, specifically by accessing Settings > Apps > Special app access > Install unknown apps. Furthermore, individuals using Advanced Protection Mode face even stricter limitations regarding this permission due to heightened security concerns.

However, it is essential to consider the tactics scammers may deploy even with the new restrictions. For instance, they might instruct a victim to end the call and subsequently enable sideloading before calling back. Nevertheless, this process introduces additional steps, which could potentially raise suspicion in the victim. Critical to this feature’s design is an alert displayed when users attempt to allow sideloading, informing them that such actions are often suggested by scammers during phone calls. This warning serves as a sufficient deterrent, encouraging users to reconsider the integrity of the caller.

What about instances where the sideloading permission is already enabled, or worse, if the malicious app is available on the Google Play Store? Android 16 addresses this concern by also prohibiting the activation of specific sensitive permissions, including accessibility access, during live phone conversations. This type of access can allow an app to interpret the screen content and execute actions without the user’s direct consent, posing significant risks. The introduction of these security features represents a substantial effort to safeguard users from the growing threat of phone scams.

Code
Giving an app access to accessibility is not allowed during a phone call.

As these new security measures are currently active within Android 16 Beta 2, they are expected to remain in the public release of Android 16, anticipated later this year. These enhancements build upon the Enhanced Confirmation Mode introduced in Android 15, which already complicated the process for sideloaded apps to gain access to sensitive permissions.

Got a tip? Talk to us! Email our staff at news@androidauthority.com. You can stay anonymous or get credit for the info; it’s your choice.

Source
www.androidauthority.com