Google Adds New AI-Powered Android Protections Against Scams, Malware, and Theft
Google has announced a new wave of Android security and privacy features designed to stop scams, malicious apps, device theft, and data abuse before they cause harm. The updates combine on-device AI, stronger theft protections, safer app downloads, and clearer privacy controls.
The company says the goal is to make Android security more proactive. Instead of waiting for users to notice a suspicious app, fake bank call, or risky permission request, Android will increasingly detect dangerous behavior in real time and act sooner.
The new protections will roll out across different Android versions and device groups. Some features target Android 17, while others will reach Android 11+ or Android 16+ devices depending on the protection and hardware support.
Verified financial calls target bank spoofing scams
One of the most important updates is verified financial calls. Google says scammers often use internet-based calling systems to spoof caller ID and make a call appear to come from a bank or financial institution.
Android’s new protection checks suspicious incoming calls against participating financial apps installed on the device. If a call appears to come from a bank, Android can ask that bank’s app whether the institution is actually calling the user.
If the app confirms no call is being made, Android can automatically end the call. Financial institutions can also mark some numbers as inbound-only, meaning calls that appear to come from those numbers can be blocked directly.
| Feature | What it does | Availability |
|---|---|---|
| Verified financial calls | Checks whether a bank-like incoming call is legitimate. | Rolling out on Android 11+ with select partners. |
| Live Threat Detection upgrades | Uses on-device AI to flag suspicious app behavior. | Expanded protections through Google Play Protect. |
| Dynamic signal monitoring | Detects patterns such as icon hiding and accessibility abuse. | Android 17 devices, with rollout planned later in 2026. |
| Chrome APK checks | Checks Android app downloads against known malware before download. | Chrome on Android with Safe Browsing enabled. |
| Mark as lost biometric lock | Adds biometric protection after a device is marked lost. | Android 17. |
Live Threat Detection gets smarter
Google is expanding Live Threat Detection, a Google Play Protect feature that uses on-device AI to analyze app behavior. The system can warn users when an installed app starts acting suspiciously.
The upgraded warnings will cover more behaviors linked to scams and malware. Google specifically mentions SMS forwarding, where an app quietly forwards text messages to another number, and accessibility overlay abuse, where an app uses accessibility permissions to mislead users.
Dynamic signal monitoring adds another layer. It monitors how apps interact with the operating system and looks for known suspicious patterns in real time, such as apps changing or hiding their icons and launching from the background.
Chrome will block more risky APK downloads
Google is also adding another safety layer to Chrome on Android. When Safe Browsing is turned on and a user tries to download an Android app, Chrome can evaluate the APK against known malware data before the download finishes.
This matters because many Android scams start outside Google Play. Attackers often push users to download fake banking apps, fake support tools, or modified versions of legitimate apps from websites and social media links.
Stopping a dangerous APK before it lands on the device gives users another chance to avoid sideloaded malware. It also strengthens Play Protect’s existing scanning and warning systems.
- Chrome checks risky APK downloads before completion.
- Live Threat Detection watches installed app behavior.
- Play Protect can warn users when harmful activity appears.
- On-device AI helps detect suspicious behavior without sending app activity to Google servers.
- Dynamic rules can improve protection against emerging threat patterns.
Android 17 strengthens theft protection
Google is improving device theft protections in Android 17. The Find Hub “Mark as lost” feature will add biometric authentication, so a thief who knows a user’s PIN or password still cannot easily regain access after the owner marks the phone as lost.
Marking a device as lost will also trigger additional protections. Google says Android can hide Quick Settings and block new Wi-Fi and Bluetooth connections, reducing the ways a thief can weaken tracking or recovery.
Theft protections are also expanding by default. Following a Brazil pilot, Google says default-on protections will apply to all new Android 17 devices, freshly reset devices, and devices upgraded to the latest OS. In Argentina, Chile, Colombia, Mexico, and the UK, these protections will expand to devices running Android 10 or higher.
Location and contact controls become more limited by design
Android 17 will introduce a new location button that lets users share precise location temporarily while a specific app is open. This gives users a safer option for quick tasks, such as finding a nearby cafe or completing a one-time location request.
Google is also making location access more visible. A new location indicator will appear at the top of the screen when an app accesses location data, similar to the camera and microphone indicators.
Contact sharing is also getting tighter. Android’s new contact picker lets apps request access to specific contacts and specific fields instead of asking for the entire address book. Access can also be temporary.
| Privacy control | User benefit |
|---|---|
| Temporary precise location | Lets users share location only while completing a task. |
| Location indicator | Shows when an app uses location and lets users review recent access. |
| Contact picker | Allows limited sharing of selected contacts instead of the full address book. |
| Temporary contact access | Reduces long-term exposure after a one-time contact-sharing action. |
Advanced Protection adds stronger mobile safeguards
Google is continuing to expand Android Advanced Protection, its stronger security mode for users at higher risk of scams, fraud, and targeted attacks. Recent upgrades include USB protection and Intrusion Logging.
USB protection is available in Advanced Protection on Pixel devices running Android 16 or later and will come to more Android devices. Intrusion Logging is rolling out to devices running the Android 16 December update and newer.
Intrusion Logging gives users and investigators a privacy-preserving record of device activity after a suspected compromise. Google developed it with partners including Amnesty International and Reporters Without Borders.
AISeal and Android OS verification focus on trust
Android 17 will introduce AISeal with pKVM to strengthen how Android isolates and protects sensitive AI processing. Google says this creates a secure environment for handling ambient data tied to AI features.
Google is also adding Android OS verification. The feature will launch first on Pixel devices and help users confirm that their phone runs an official, widely distributed Android build.
This matters because attackers sometimes distribute modified operating system builds that look legitimate but contain hidden changes. Android OS verification gives users a clearer way to detect whether a device runs trusted software.
Android now hides OTP codes from most apps
Google is tightening one-time password protection. Android now hides sensitive security codes from most apps for three hours, reducing the chance that a malicious app with SMS permission can steal active verification codes.
This protection targets a common fraud path. Attackers often use fake apps to read SMS messages and capture login codes before users realize something has gone wrong.
OTP hiding does not replace stronger authentication, but it helps protect users who still receive verification codes by text message.
- Android hides sensitive OTP codes from most apps for three hours.
- The feature reduces abuse of SMS permissions.
- Users should still avoid installing apps from untrusted sources.
- Banking and wallet users should enable stronger authentication when available.
Why these Android security upgrades matter
Google’s 2026 Android security updates show a broader shift toward automatic, behavior-based protection. Scams and malware now depend heavily on social engineering, app abuse, fake calls, sideloaded APKs, and stolen verification codes.
The new features target those attack paths directly. Verified financial calls address spoofed bank calls. Live Threat Detection watches app behavior. Chrome checks APKs earlier. Theft protections reduce the damage from stolen devices. Privacy controls limit what apps can access.
Not every feature will arrive on every Android phone at the same time. Still, the direction is clear: Android is moving more security decisions into the operating system, using AI and stricter controls to reduce the burden on users.
What Android users should do now
Users should keep Android, Google Play services, Chrome, and Google Play Protect up to date. Many protections depend on system updates, Play services updates, app updates, or device support.
Users should also keep Safe Browsing enabled in Chrome and avoid installing APKs from unknown websites. They should review app permissions, especially accessibility, SMS, contacts, and location access.
For higher-risk users, Advanced Protection can provide stronger controls. For everyone else, the biggest gains come from updating devices, avoiding sideloaded apps, and watching for prompts that ask for unnecessary permissions.
- Install the latest Android system update available for your device.
- Update Google Play services, Chrome, and Google Play Protect.
- Keep Chrome Safe Browsing enabled.
- Avoid sideloading APKs from unknown websites or social media links.
- Remove accessibility permission from apps that do not need it.
- Review SMS, contacts, and location permissions regularly.
- Use Find Hub and learn how to mark a device as lost before theft happens.
- Consider Advanced Protection if you face elevated risk.
FAQ
Google announced verified financial calls, stronger Live Threat Detection, Chrome APK safety checks, Android 17 theft protections, temporary location sharing, contact picker improvements, Android OS verification, OTP hiding, and stronger Advanced Protection features.
When a call appears to come from a participating bank or financial institution, Android can ask that institution’s app whether the call is real. If the app confirms no call is being made, Android can end the spoofed call.
Live Threat Detection is a Google Play Protect feature that uses on-device AI to monitor app behavior in real time and warn users when an app starts acting suspiciously or harmfully.
In Android 17, Mark as lost can add biometric authentication to unlock the device and enable extra protections such as hiding Quick Settings and blocking new Wi-Fi and Bluetooth connections.
Android now hides sensitive one-time password codes from most apps for three hours. This helps stop malicious apps with SMS access from stealing active verification codes.