Android is getting its biggest security upgrade yet.
Google is adding new security and privacy protections to Android in 2026, including a feature that can automatically end fake bank calls before scammers get a chance to talk.
The company outlined the upgrades during its Android security announcements ahead of I/O, describing the changes as part of a broader push to make Android safer against fraud, spyware, theft, and malicious apps.
According to Eugene Liderman, Director of Android Security & Privacy Team at Google, phone scammers pretending to be banks are fueling nearly “$980M in annual losses worldwide.”
Android will verify bank calls in real time
Google’s new “verified financial calls” system works by checking incoming calls against official banking apps installed on a user’s phone. If Android detects that a number claiming to be from a bank is not actually placing a legitimate call, the system can automatically terminate the call.
Banks can also label certain phone numbers as “inbound-only,” meaning Android will instantly block any outgoing calls pretending to come from those lines. The feature is launching first on Android 11 and newer devices with support from financial institutions, including Revolut, Itaú Unibanco, and Nubank, before expanding further later this year.
Live Threat Detection gets more aggressive
Google is also expanding Android’s AI-powered Live Threat Detection system to watch for more suspicious app behavior.
The upgraded system will flag apps that secretly forward SMS messages, abuse accessibility permissions, or hide their app icons before launching malicious activity in the background.
A new capability called “dynamic signal monitoring” will allow Android 17 devices to detect suspicious behavior patterns in real time and receive updated protection rules as new threats emerge.
For Chrome on Android, Google is adding another layer of protection that scans APK downloads for known malware before installation if Safe Browsing is enabled.
New spyware and forensic attack protections
One of the more notable additions is the rollout of “Intrusion Logging,” a feature designed to help investigate spyware attacks.
The tool, part of Android’s Advanced Protection Mode, creates encrypted forensic logs that can help researchers identify signs of device compromise, including suspicious app installs, server connections, or attempts to tamper with system logs.
The feature is aimed at users at higher risk of surveillance, including journalists, activists, and dissidents. Google said Intrusion Logging is now rolling out to devices running the Android 16 Dec. update and newer.
More Google coverage
Android theft protection expands globally
Android 17 is also introducing tougher anti-theft protections.
Google says the Find Hub “Mark as lost” feature will soon require biometric authentication to regain access to a stolen phone, even if someone knows the device PIN or password. Marking a device as lost will also hide Quick Settings and block new Wi-Fi and Bluetooth connections.
After piloting theft-protection tools in Brazil, Google is expanding default-enabled protections globally to new Android 17 devices and to phones just reset. Additional countries receiving broader rollout support include Argentina, Chile, Colombia, Mexico, and the UK. The company is also tightening limits on failed PIN attempts and adding longer delays between unlock tries to slow brute-force attacks.
Temporary location sharing and stronger privacy controls
Android 17 will also introduce a temporary, precise location-sharing option that only works while a specific app remains open.
Google says the feature is intended for short tasks like finding nearby businesses without handing apps permanent access to detailed location data. Android will also display a more visible location access indicator at the top of the screen, similar to existing camera and microphone indicators.
A redesigned contact picker is also coming, allowing apps to request access only to specific contacts and limited fields, rather than entire address books.
Google pushes AI security protections
Alongside the broader Android security upgrades, Google also detailed how it plans to secure Gemini-powered AI experiences on Android.
Dave Kleidermacher, Google’s VP of Platforms Security and Privacy, said Gemini Intelligence is being built around “explicit user control,” “comprehensive data protection,” and “operational transparency.”
The company says users will be able to selectively enable or disable AI-powered automation features while Android logs AI assistant activity through the Privacy Dashboard. Google also said key parts of its AI security architecture will remain open-source and independently auditable.
Android 17 additionally introduces AISeal with pKVM, a hardware-backed isolation system designed to securely process AI-related ambient data on-device.
Fake Android builds and OTP theft also targeted
Google is also rolling out Android OS verification, starting on Pixel devices, to help users confirm whether their phone is running an authentic version of Android rather than a modified build designed to mimic official software.
The company is pairing that system with a public cryptographic ledger meant to verify official Google apps and GMS APIs.
Android will also begin hiding one-time passwords from most apps for up to three hours to reduce the risk of malicious apps stealing authentication codes. Meanwhile, carriers using Android 17 will be able to disable 2G connectivity by default in areas where older networks are no longer maintained.
Google said the broader security rollout will continue throughout 2026 as Android 17 approaches release.
Read the full article here
