Full Report
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy

Android’s intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Android is always developing new protections to keep you, your device, and your data safe. Today, we’re announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android.

## Smarter protections against phone call scams

Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing default device security settings or granting elevated permissions to an app. These actions can result in spying, fraud, and other abuse by giving an attacker deeper access to your device and data.

To combat phone scammers, we’re working to block specific actions and warn you of these sophisticated attempts. This happens completely on device and is applied only to conversations with non-contacts. Android’s new in-call protections[1] provide an additional layer of defense, preventing you from taking risky security actions during a call, like:

- Disabling Google Play Protect, Android’s built-in security protection, which is on by default and continuously scans for malicious app behavior, no matter the download source.
- Sideloading an app for the first time from a web browser, messaging app or other source, which may not have been vetted for security and privacy by Google.
- Granting accessibility permissions, which can give a newly downloaded malicious app the ability to gain control over the user's device and steal sensitive or private data, like banking information.

And if you’re screen sharing during a phone call, Android will now automatically prompt you to stop sharing at the end of the call.

These protections help safeguard you against scammers who attempt to gain access to sensitive information to conduct fraud.

## Piloting enhanced in-call protection for banking apps

Screen sharing scams are becoming quite common, with fraudsters often impersonating banks, government agencies, and other trusted institutions, using screen sharing to guide users to perform costly actions such as mobile banking transfers. To better protect you from these attacks, we’re piloting new in-call protections for banking apps, starting in the UK.

When you launch a participating banking app while screen sharing with an unknown contact, your Android device will warn you about the potential dangers and give you the option to end the call and stop screen sharing with one tap. This feature will be enabled automatically for participating banking apps whenever you're on a phone call with an unknown contact on Android 11+ devices. We are working with UK banks Monzo, NatWest and Revolut to pilot this feature for their customers in the coming weeks and will assess the results of the pilot ahead of a wider rollout.

## Making real-time Scam Detection in Google Messages even more intelligent

We recently launched AI-powered Scam Detection in Google Messages and Phone by Google to protect you from conversational scams that might sound innocent at first but turn malicious and can lead to financial loss or data theft. When Scam Detection discovers a suspicious conversation pattern, it warns you in real time so you can react before falling victim to a costly scam.

AI-powered Scam Detection is always improving to help keep you safe while also keeping your privacy in mind. With Google’s advanced on-device AI, your conversations stay private to you. All message processing remains on-device and you’re always in control. You can turn off Spam Protection, which includes Scam Detection, in Google Messages at any time.

Prior to targeting conversational scams, Scam Detection in Google Messages focused on analyzing and detecting package delivery and job seeking scams. We’ve now expanded our detections to help protect you from a wider variety of sophisticated scams, including:

- Toll road and other billing fee scams
- Crypto scams
- Financial impersonation scams
- Gift card and prize scams
- Technical support scams
- And more

These enhancements apply to all Google Messages users.

## Fighting fraud and impersonation with Key Verifier

To help protect you from scammers who try to impersonate someone you know, we’re launching a helpful tool called Key Verifier. The feature allows you and the person you’re messaging to verify the identity of the other party through public encryption keys, protecting your end-to-end encrypted messages in Google Messages. By verifying contact keys in your Google Contacts app (through QR code scanning or number comparison), you can have an extra layer of assurance that the person on the other end is genuine and that your conversation with them is private.

Key Verifier provides a visual way for you and your contact to quickly confirm that your keys match, strengthening your confidence that you’re communicating with the intended recipient and not a scammer. For example, if an attacker gains access to a friend’s phone number and uses it on another device to send you a message, which can happen as a result of a SIM swap attack, that contact's verification status will be marked as no longer verified in the Google Contacts app, suggesting your friend’s account may be compromised or has changed. Key Verifier will launch later this summer in Google Messages on Android 10+ devices.

## Comprehensive mobile theft protection, now even stronger

Physical device theft can lead to financial fraud and data theft, with the value of your banking and payment information many times exceeding the value of your phone. This is one of the reasons why last year we launched the mobile industry’s most comprehensive suite of theft protection features to protect you before, during, and after a theft. Since launch, our theft protection features have helped protect data on hundreds of thousands of devices that may have fallen into the wrong hands. This includes devices that were locked by Remote Lock or Theft Detection Lock and remained locked for over 48 hours.

Most recently, we launched Identity Check for Pixel and Samsung One UI 7 devices, providing an extra layer of security even if your PIN or password is compromised. This protection will now also be available from more device manufacturers on supported devices that upgrade to Android 16.

Coming later this year, we’re further hardening Factory Reset protections, which will restrict all functionality on devices that are reset without the owner’s authorization. You'll also gain more control over our Remote Lock feature with the addition of a security challenge question, helping to prevent unauthorized actions.

We’re also enhancing your security against thieves in Android 16 by providing more protection for one-time passwords that are received when your phone is locked. In higher risk scenarios[2], Android will hide one-time passwords on your lock screen, ensuring that only you can see them after unlocking your device.

## Advanced Protection: Google’s strongest security for mobile devices

Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google’s strongest protections against targeted attacks. To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users. Whether you’re an at-risk individual, such as a journalist, elected official, or public figure, or you just prioritize security, Advanced Protection gives you the ability to activate Google’s strongest security for mobile devices, providing greater peace of mind that you’re protected against the most sophisticated threats. Advanced Protection is available on devices with Android 16. Learn more in our blog.

## More intelligent defenses against bad apps with Google Play Protect

One way malicious developers try to trick people is by hiding or changing their app icon, making unsafe apps more difficult to find and remove. Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior. This feature will be available on Google Pixel 6+ and a selection of new devices from other manufacturers in the coming months.

Google Play Protect always checks each app before it gets installed on your device, regardless of the install source. It conducts real-time scanning of an app, enhanced by on-device machine learning, when users try to install an app that has never been seen by Google Play Protect, to help detect emerging threats. We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families. If an app shows these malicious patterns, we can alert you before you even install it. And to keep you safe from new and emerging malware and their variants, we will update these rules frequently for better classification over time. This update to Google Play Protect is now available globally for all Android users with Google Play services.

## Always advancing Android security

In addition to new features that come in numbered Android releases, we're constantly enhancing your protection on Android through seamless Google Play services updates and other improvements, ensuring you benefit from the latest security advancements continuously. This allows us to rapidly deploy critical defenses and keep you ahead of emerging threats, making your Android experience safer every day. Through close collaboration with our partners across the Android ecosystem and the broader security community, we remain focused on bringing you security enhancements and innovative new features to help keep you safe.

## Notes

1. In-call protection for disabling Google Play Protect is available on Android 6+ devices. Protections for sideloading an app and turning on accessibility permissions are available on Android 16 devices.
2. When a user’s device is not connected to Wi-Fi and has not been recently unlocked.
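The Key Verifier flow described in the post (a contact's public key is confirmed by QR scan or number comparison, and the contact drops to "no longer verified" when a different key appears for their number), modelled as an added example that is not Google's code: the fingerprint format, the comparison-number derivation and the `ContactStore` shape are assumptions for illustration, and the keys and phone number are constructed.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed example: a hypothetical contact-key verification flow in the spirit of the
# Key Verifier description; fingerprint and comparison-number formats are assumptions,
# not Google Messages' actual scheme.
UNKNOWN, VERIFIED, NO_LONGER_VERIFIED = "unknown", "verified", "no longer verified"

def fingerprint(pubkey: bytes) -> str:
    """Stable identifier for a public key: hex SHA-256 of the raw key bytes."""
    return hashlib.sha256(pubkey).hexdigest()

def comparison_number(key_a: bytes, key_b: bytes, digits: int = 30) -> str:
    """Digit string both parties read aloud and compare. Keys are hashed in sorted
    order, so both sides derive the same number whichever key is their own."""
    digest = hashlib.sha256(b"".join(sorted((key_a, key_b)))).digest()
    number = str(int.from_bytes(digest, "big"))[:digits].zfill(digits)
    return " ".join(number[i:i + 5] for i in range(0, digits, 5))

@dataclass
class ContactStore:
    keys: dict = field(default_factory=dict)      # number -> pubkey currently advertised
    verified: dict = field(default_factory=dict)  # number -> fingerprint confirmed in person

    def record_key(self, number: str, pubkey: bytes) -> str:
        """Store the key now advertised for a number and return the resulting status. A changed
        key for a verified contact (e.g. after a SIM swap) is never silently re-trusted."""
        self.keys[number] = pubkey
        return self.status(number)

    def verify_by_qr(self, number: str, scanned_fingerprint: str) -> bool:
        """In-person step: the fingerprint scanned from the contact's QR code must
        match the key currently held for that number."""
        if number not in self.keys or fingerprint(self.keys[number]) != scanned_fingerprint:
            return False
        self.verified[number] = scanned_fingerprint
        return True

    def status(self, number: str) -> str:
        if number not in self.verified:
            return UNKNOWN
        if fingerprint(self.keys[number]) == self.verified[number]:
            return VERIFIED
        return NO_LONGER_VERIFIED

def demo() -> tuple:
    """Verify Bob by QR, then see his number show up with a different key."""
    bob_key = hashlib.sha256(b"constructed: bob's first device").digest()
    other_device_key = hashlib.sha256(b"constructed: unknown second device").digest()
    bob, alice = "+44 7700 900123", ContactStore()        # constructed number
    alice.record_key(bob, bob_key)
    ok = alice.verify_by_qr(bob, fingerprint(bob_key))    # scanned from Bob's QR code
    before = alice.status(bob)
    after = alice.record_key(bob, other_device_key)       # same number, new key
    return ok, before, after
```

`demo()` returns `(True, "verified", "no longer verified")`: the contact stays verified only while the key behind their number is the one confirmed in person.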
Analysis Summary
# Best Practices: Android Security and Privacy Enhancements (2025 Outlook)
## Overview
These practices summarize expected security and privacy advancements and best practices associated with the Android ecosystem, focusing on proactive defense measures, hardware security integration, software supply chain integrity, and enhanced user-centric privacy controls, referencing the context of Google's 2025 outlook.
## Key Recommendations
### Immediate Actions
1. **Ensure Current OS and Application Patching:** Immediately verify that all managed Android devices are running the latest stable Android OS version and that all third-party applications are updated via Google Play Protect or authorized enterprise distribution channels.
2. **Enable Biometric Authentication for Critical Access:** Mandate the use of strong, on-device biometrics (where available, utilizing secure hardware enclosures) for unlocking devices and authorizing sensitive transactions or application access.
3. **Audit Application Permissions:** Conduct an immediate review of all installed applications, revoking unnecessary sensitive permissions (e.g., location, microphone, contacts) for any non-essential applications.
### Short-term Improvements (1-3 months)
1. **Implement Hardware Root of Trust Checks:** If using devices with specialized security hardware (like Titan M2), ensure that boot chain integrity checks and attestation processes are actively monitored and configured to trigger alerts or device lockdown upon detection of tampering.
2. **Isolate Sensitive Workloads:** Configure and deploy applications handling highly sensitive data to utilize secure execution environments, such as the Private Compute Core, for specific tasks to protect data even from the main OS.
3. **Establish Software Supply Chain Verification:** Mandate the use of verifiable digital signing for all internal or enterprise-developed applications targeting Android, leveraging standards like Sigstore to ensure integrity from development to deployment.
### Long-term Strategy (3+ months)
1. **Adopt Memory-Safe Languages for Custom Code:** For organizations developing internal mobile applications or contributing to open-source components, prioritize the migration of native application codebases (C/C++) to memory-safe languages like Rust to proactively eliminate entire classes of memory-related vulnerabilities.
2. **Develop Advanced Spyware Detection Capabilities:** Integrate proactive monitoring tools capable of detecting signs of targeted spyware activity, potentially leveraging hardware-backed security reports or vendor-specific diagnostic utilities.
3. **Mandate Post-Quantum Readiness Assessment:** Begin the strategic planning and inventory process to understand cryptographic dependencies, preparing for the potential transition to post-quantum cryptography standards across all critical systems interacting with Android endpoints.
## Implementation Guidance
### For Small Organizations
- **Focus on Foundational Controls:** Prioritize immediate patching, strong user passcodes/PINs, and ensuring Google Play Protect is universally active.
- **Leverage Managed Device Settings:** Utilize basic Mobile Device Management (MDM) features to enforce minimum OS versions and restrict side-loading of applications from unknown sources.
### For Medium Organizations
- **Integrate Security Posture Checks (Attestation):** Begin integrating MDM/UEM solutions that leverage hardware security features to attest to the device's security state before granting access to corporate resources.
- **Supply Chain Monitoring for Dependencies:** If using CI/CD pipelines for mobile app development, use automated tools to scan open-source dependencies for known vulnerabilities and enforce dependency verification checks.
### For Large Enterprises
- **Deploy Hardware-Backed Security Policy Enforcement:** Fully integrate security hardware features (e.g., Titan M2 capabilities) into enterprise security policies, using hardware attestation as a prerequisite for accessing high-value enterprise data.
- **Fund Memory Safety Migration Projects:** Allocate resources specifically for refactoring legacy native code to memory-safe alternatives (Rust) within critical customer-facing or internal security applications.
- **Pilot Advanced Threat Hunting:** Implement enterprise-level telemetry and threat hunting focused on detecting atypical process behavior indicative of targeted spyware, complementing traditional endpoint detection capabilities.
## Configuration Examples
*(Note: Specific configuration examples are not detailed in the provided text snippet, but the following conceptual configurations are implied by the topics mentioned.)*
1. **Enforcing Secure Boot/Attestation via Enterprise Policy:**
   * **Directive:** Configure MDM enforcement such that access to SaaS applications requires a verified boot chain report (hardware attestation success) from the device.
   * **Configuration Concept:** `Policy.DeviceIntegrityCheck = Required AND HardwareAttestation_Status = Verified`.
2. **App Sandboxing/Isolation for Sensitive Data:**
   * **Directive:** Configure the environment such that data processing requiring cryptographic operations on sensitive keys is directed only through the secure enclave pathways.
   * **Configuration Concept:** Utilize Android APIs that route sensitive operations explicitly to the **Private Compute Core** execution environment.
## Compliance Alignment
The practices align generally with the following security frameworks, emphasizing verifiable integrity and data protection:
* **NIST Cybersecurity Framework (CSF):** Focuses heavily on **Protect** (access control, data security) and **Identify** (asset management, risk assessment).
* **ISO/IEC 27001/27002:** Security of mobile devices and secure development practices fall under Annex A controls related to asset management and secure systems engineering.
* **CIS Controls (Mobile Device Emphasis):** Aligns with controls requiring patch management, application whitelisting, and credential management.
## Common Pitfalls to Avoid
1. **Ignoring Hardware Security Capabilities:** Failing to leverage dedicated security chips (like Titan M2) for key management and boot integrity, relying solely on software-based controls.
2. **Treating All Code the Same:** Continuing to develop new high-risk or performance-critical native components in C/C++ without migrating to memory-safe alternatives (like Rust), unnecessarily increasing vulnerability surface area.
3. **Lax Permissions Management Post-Implementation:** Deploying new applications without re-auditing permissions, potentially allowing new components to gain broad access unintentionally.
## Resources
- **Android Security Documentation (Google Security Blog):** The primary source for ongoing best practices and feature rollouts. (Defanged Link: `google.com/securityblog`)
- **Sigstore Project Documentation:** For implementing verifiable software supply chain integrity for application artifacts. (Defanged Link: `sigstore.dev`)
- **Android Developer Documentation on Private Compute Core:** For guidance on isolating sensitive computations. (Defanged Link: `developer.android.com/privacy/compute-core`)