Full Report
It seems like scammers are everywhere these days. Here are two new ways Google aims to tackle the problem on Android.
Analysis Summary
# Main Topic
Google is implementing two new AI-driven methods on Android devices to combat increasing scam activity targeting users via phone calls and messaging.
## Key Points
- Google is leveraging on-device AI processing to detect and warn users about potential scams during phone calls and in text messages.
- The scam detection for phone calls processes audio locally on the device and is explicitly *not* recorded, stored, or sent to Google or third parties, enhancing user privacy.
- The feature for call scanning is turned off by default and requires manual user enablement but can be disabled at any time, even mid-call.
## Threat Actors
- Generic "scammers" are mentioned as the antagonists, indicating broad, opportunistic threat actors targeting individuals through common communication channels.
- No specific named threat actors or APT groups were identified in relation to these new detection methods.
## TTPs
- **Vishing/Scam Calls:** Using conversational techniques over the phone aimed at deception.
- **Smishing/Scam Messages:** (Implied, as the announcement covers both calls and messaging).
- **Technique Implementation:** Utilizing advanced on-device AI models for real-time analysis of communication content.
## Affected Systems
- **Platform:** Android operating system.
- **Specific Devices:** Currently slated for devices supporting the latest advanced AI models, initially mentioned in the context of the Pixel 9 series.
- **Scope:** Users susceptible to phone-based and messaging-based scams.
## Mitigations
- **User Action (Primary Mitigation):** Users must manually enable the "scam detection for phone calls" feature.
- **Platform Update (Google's Action):** Deployment of on-device AI filtering capabilities specifically for call analysis and messaging threat identification.
- **Control:** Users maintain control to disable the feature at any point during an active call.
## Conclusion
Google is introducing enhanced, privacy-conscious AI features directly on Android devices to proactively defend users against social engineering tactics like generalized phone and text message scams. While the initial rollout seems hardware-dependent (requiring advanced AI support), these advancements represent a strong defensive posture against pervasive scamming operations. Users are strongly advised to enable this feature for improved security, noting that the processing remains local.