Latest news with #AndroidSecurity
Fox News
5 days ago
- Fox News
Android security upgrades outsmart scams and protect your privacy
With the increasing sophistication of digital threats, safeguarding your phone and personal data has never been more crucial. Android is responding with a suite of new security features designed to protect you from scams, fraud, and device theft. These enhancements are primarily rolling out to devices running Android 16. Some protections, such as enhanced theft protection and AI-powered scam detection, are also becoming available on select devices running Android 10 and later via Google Play Services updates. The most advanced features, including Identity Check and device-level Advanced Protection, are initially launching on Google Pixel and Samsung devices with One UI 7, with plans to expand to other manufacturers as they update to Android 16. Let's take a look at how these innovations are making Android security smarter and more comprehensive. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide free when you join. Phone scammers are becoming increasingly creative, often attempting to trick people into changing device security settings or granting risky permissions during calls. Android's new in-call protections add a layer of defense by blocking certain actions during calls with non-contacts. For example, you won't be able to disable Google Play Protect, sideload an app for the first time, or grant accessibility permissions while on a call with someone not in your contacts. If you're screen-sharing during a call, Android will prompt you to stop sharing when the call ends. Android's AI-powered Scam Detection in Google Messages and Phone by Google is now even more intelligent. It can identify suspicious conversation patterns in real-time and warn you before you fall victim to a scam. This protection covers a wide range of scams, including toll road and billing fee scams, cryptocurrency scams, financial impersonation scams, gift card and prize scams, tech support scams, and more. All message analysis happens on your device, so your conversations stay private. Availability can vary depending on your device, region, and carrier. If you don't see these features yet, make sure your app is updated and keep an eye out as Google continues to expand support to more users worldwide. To help protect you from scammers who try to impersonate someone you know, Android is rolling out Key Verifier in Google Messages. This feature lets you and your contact verify each other's identity using public encryption keys, either by scanning a QR code or comparing numbers. If a contact's verification status changes, like after a SIM swap, you'll see a warning, giving you extra confidence that you're talking to the right person. If you've ever used Android's Find My Device to track down a lost phone or set of keys, you know how helpful it can be. Now, Find My Device is evolving into Find Hub, making it easier to keep track of your devices, family, and friends all in one place, with more partner brands joining the network. Find Hub is also becoming more personalized. Whether you want built-in luggage tracking from July and Mokobara, ski protection with Peak integration, or Disney-themed Bluetooth tags from Pixbee, there are options to suit different needs. Soon, tags that are enabled with ultra-wideband, starting with moto tag, will provide improved nearby location tracking. Later this year, Find Hub will include satellite connectivity, allowing you to stay connected with friends and family even when cellular service is unavailable. For travelers, new partnerships with airlines such as Aer Lingus, British Airways, Cathay Pacific, Iberia, and Singapore Airlines will let you share your Bluetooth tag's location directly with these airlines. This should make recovering lost luggage easier and less stressful. Android continues to strengthen its theft protection features. The new Identity Check adds an extra layer of security if your PIN or password is compromised, and it's rolling out to more devices with Android 16. Factory Reset Protection is getting tougher, restricting all functionalities on devices reset without the owner's authorization. Remote Lock now includes a security challenge question to prevent unauthorized use, and one-time passwords will be hidden on the lock screen in higher-risk scenarios. For those who want even stronger security, Advanced Protection is now available as a device-level setting in Android 16. This combines Google's most robust security tools, like intrusion logging and scam call detection, into one setting that can't be turned off without unenrolling. Whether you're a journalist, a public figure, or just want extra peace of mind, Android 16 makes it easy to activate Advanced Protection. This suite of features brings together Google's top security tools, like Intrusion Logging, USB protection, and scam detection for calls, into one powerful setting. Once enabled, these protections can't be turned off, shielding you against even the most sophisticated attacks. And new features are on the way, including tighter controls over app permissions and network connections. To turn on Google's Advanced Protection, follow these steps: Settings may vary depending on your Android phone's manufacturer. You may be prompted to verify your identity (such as entering your password or using biometric authentication). Once you've completed the steps, you'll see a confirmation that Advanced Protection is active. Note: After activation, these protections cannot be turned off without unenrolling from Advanced Protection. You can review and adjust related security settings within the Advanced Protection menu, such as app permissions and network controls, as new features become available. If you don't see the option, make sure your device is updated to Android 16 and check for any additional requirements, such as a Google account or specific device compatibility. Some features may require additional verification steps, like using a security key or two-factor authentication, especially if you're enrolling for the first time or on a new device. While Android is doing a lot to protect you, there are a few extra steps you can take to boost your security: Install strong antivirus software: This adds another layer of defense against malware and suspicious apps. Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn't 100% foolproof at removing all known malware from Android devices. So, you may want to choose a strong antivirus app and keep it updated for maximum protection. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices. Keep your device updated: Always install the latest Android updates to patch any security vulnerabilities. Updates often include important security fixes that protect against new threats. To do this, go to Settings, tap System or About phone, select Software update or System update, then tap Download and Install if an update is available. Use strong, unique passwords: Avoid reusing passwords across different accounts to reduce the risk if one is compromised. Consider a password manager to generate and store complex passwords. Get more details about my best expert-reviewed password managers of 2025 here. Be cautious with app permissions: Only grant apps the permissions they truly need. Review permissions regularly and revoke any that seem unnecessary or intrusive. Enable two-factor authentication: This adds an extra step to your logins, making it more difficult for others to access your accounts. Most major apps and services offer this feature in their security settings. Download apps only from the Google Play Store: Avoid third-party stores, which are more likely to host unsafe apps. The Play Store has security checks that help reduce the risk of downloading malicious software. Regularly review your privacy settings: Make sure you're comfortable with what you're sharing. Adjust settings to limit data sharing and enhance your privacy whenever possible. Consider a personal data removal service: Scammers often start by gathering information about you from public records and data broker sites. Using a personal data removal service can help scrub your personal details from these sites, making it much harder for scammers to target you. If you're concerned about your privacy or just want to take your security to the next level, this is a smart step to consider. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. Keeping your phone and personal data secure is more important than ever, but Android is making it easier to stay protected with smarter scam detection, new ways to keep track of your devices and loved ones, and the strongest security features yet. By taking a few extra steps, like using strong passwords, keeping your device updated, and considering a personal data removal service, you're adding even more layers of protection against evolving threats. Security is always changing, but with these tools and habits, you can use your Android device with greater confidence and peace of mind. Who do you think should bear the greatest responsibility for keeping your data safe: tech companies, the government, or you as an individual? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels: Answers to the most-asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
Forbes
15-06-2025
- Forbes
Critical Google Messages Security Update For 1 Billion Users Confirmed
Google Messages is about to get a lot safer with Key Verifier feature. Although Android 16 has now launched, at least for some device users, and brought with it long-overdue and highly welcome new security protections, users of Google Messages will need to wait a little longer for one critical update. Don't worry, this Google Messages update is coming to an Android device near you very soon indeed, and it really is an anti-scam security game-changer. Here's everything you need to know about the new key verifier feature. Although there's no doubt that Android 16 is a step up in security terms, particularly when it comes to anti-scam protections such as preventing the user from disabling Google Play Protect, sideloading an app or changing app accessibility permission during a call, there is still more work to be done. The good news is not only that Google knows this, but it is acting upon it. I don't use the term critical lightly, when it comes to cybersecurity that would be a poor show indeed, but if ever a new security function deserved the epithet, then Key Verifier for Google Messages is it. Dave Kleidermacher, the vice president of engineering with Google's Android security and privacy team, described the key verifier for Google Messages as providing 'an extra layer of assurance that the person on the other end is genuine' when in conversation with someone. The technical explanation is that the key verifier function is a tool that validates the identity of the person you are in conversation with when using Google Messages by way of public encryption keys that protect the end-to-end messaging. It verifies the contact keys in your Google Contacts, either by you scanning a QR code (yes, I know, but anti-scam protections can also use tools that are abused by scammers) or straightforward number comparison. The non-technical explanation, as Kleidermacher explained, is that it provides a visual way to easily and efficiently confirm that these secret encryption keys match. 'If an attacker gains access to a friend's phone number and uses it on another device to send you a message,' Kleidermacher said, 'their contact's verification status will be marked as no longer verified in the Google Contacts app, suggesting your friend's account may be compromised or has been changed.' Is it perfect? No. Can it provide a 100% guarantee that you are not being scammed? No. Is it a critical weapon in the fight against scammers? Heck yes. Anti-scam protection revolves around a central hub of trust, and the Google Messages key verifier will add confidence to your communications that you are in conversation with the person you think you are, and not a scammer. 'Key Verifier will launch later this summer in Google Messages on Android 10+ devices,' Kleidermacher confirmed. Not long to wait, but in the meantime, continue to be careful out there and stay alert to the phishing threat.
Forbes
09-06-2025
- Forbes
Samsung Warns All Galaxy Users—Restart Your Phone
Restart your phone today. Android is under attack. Google warning that new vulnerabilities 'may be under limited, targeted exploitation' have become alarmingly frequent, as the Android-maker and its OEMs issue critical updates. Meanwhile, smartphone users are advised to watch for signs that their own phones may have been compromised. Separately, restarting phones made headlines over the last 12-months, as first iPhone and then Android introduced an auto-restart after three days of inactivity, making it more difficult for law enforcement or others to plug in cables to extract user data. While some years ago, America's NSA told users to 'turn devices off and on weekly,' that's not a habit that has caught on. Most users leave them on until forced to reboot. But Samsung actually warns its Galaxy users to do the same — and even more frequently. 'Make restarting your Galaxy phone a daily habit,' it says. Automating restarts 'Periodic restarting can prevent problems with your Galaxy phone,' Samsung says, including 'your phone suddenly freezing or [becoming] too slow,' two signs that could — maybe — be the sign of a security issue, albeit will more likely be performance related. 'The issue can sometimes be resolved just by restarting the phone.' Maybe this advice will now catch on, given the raft of new attacks driven primarily by the forensic industry finding more ways to compromise device security. 'Rebooting your phone daily is your best defense against zero-click attacks,' ZDNet now reports. That advice came courtesy of iVerify's Ricky Cole, whose company warned last week that iPhones had likely been attacked through an iMessage vulnerability that has since been patched. Apple says attacks did not take place, but the high-profile victims suggested by iVerify ensured a flurry of headlines followed. There are several ways to restart your Galaxy phone, but the easiest is to automate it. You can set your phone to 'auto-optimize daily' or to restart on a schedule. As long as the phone is not being used and has plenty of battery, it will reboot.
Forbes
29-05-2025
- General
- Forbes
Android Users Need To Update Chrome Now — 8 Security Reasons Why
Update Chrome for Android now. LightRocket via Getty Images Smartphone users have had a rough old time of it lately as far as security issues are concerned. What with everything from specific PIN codes being flagged as insecure, an FBI warning of a new and highly dangerous attack threat, and Google advising about mobile threats targeting Android users. Of course, it's not all been bad news. I've reported how a secret code can stop Android smartphone attacks, and Google's recent Android updates have added smartphone security features anew. Now there's another Android update that Google has just dropped, and this one needs to be implemented as soon as possible. Don't wait, act today. Here are the eight security reasons why. Hardly a week goes by without a Chrome security update being released by Google, and that's a very good thing indeed, as it means your security is being protected. By discovering such vulnerabilities and releasing patches to fix them, Google enables you to shore up your smartphone before attackers can exploit them. Assuming, that is, you apply those updates as soon as they are released. And there, dear reader, lies the rub: many users wait until an automatic update arrives, even though, as Google readily admits, this can take days or weeks. Days or weeks that leave an opportunity for hackers to attack. That's why it's imperative to kickstart any update as soon as it has been confirmed, using the usual methods for the desktop, or by downloading the latest app for Android. And it is the latter that needs your attention now, today. Google has confirmed in a May 28 posting that Chrome for Android 37.0.7151.61 will become available on Google Play in the coming days. Go and check now, and update if it's there. This release includes fixes for eight listed Common Vulnerabilities and Exposures, that's eight security issues that could impact your safety if not addressed. The CVEs are as follows: High Medium Low So, you know what to do: check that your Chrome for Android app is up to date and check it now.
Android Authority
27-05-2025
- Business
- Android Authority
Google Play's latest security change may break many Android apps for some power users
Mishaal Rahman / Android Authority TL;DR Google's updated Play Integrity API is making it significantly harder for users with rooted phones or custom ROMs to access certain applications due to enhanced security verifications. The update, now rolling out by default as of May 2025, enforces stricter hardware-backed security signals for integrity verdicts on devices running Android 13 or later. While this change aims to protect apps from abuse, it negatively impacts legitimate power users and potentially those on older devices lacking recent security patches. Compared to the billions of regular Android users, the number of people who root their Android phones or install custom ROMs is minuscule. While I wouldn't say Google is actively hostile towards these power users, the company's efforts to strengthen Android app security have the unfortunate side effect of negatively impacting their experience. Google's latest update to the Play Integrity API, for example, makes it easier for developers to protect their apps from abusive users while also making it significantly harder for legitimate power users to utilize certain applications. The Play Integrity API is a tool developers can use to verify that inbound interactions and server requests come from an unmodified version of their app binary running on a genuine Android device. Many developers use this API to mitigate app abuse that could lead to revenue or data loss. For example, the API can help prevent users from accessing premium content without paying, or it can help safeguard sensitive financial data by preventing access on devices that could potentially be compromised. Google The problem for power users who root their phones or install a custom ROM lies in Google's definition of a 'genuine' Android device: one running a Google Play-certified build of Android. This definition inherently excludes nearly every custom ROM, prompting many custom ROM users to employ hacks to spoof certified builds. While many people who root their phones don't install a custom ROM, they do unlock the bootloader as part of the rooting process. This step causes their devices to fail the more stringent Play Integrity checks, locking them out of many dining, medical, gaming, banking, and payment apps, as these types of apps often utilize the API's stricter evaluations. Previously, the Play Integrity API and its predecessor, the SafetyNet Attestation API, weren't as much of a concern for power users, as they could often find easy workarounds. However, Google has been moving to enforce hardware-backed security signals. These are significantly harder to bypass because, unlike simpler past methods, they are rooted in the hardware itself. While these hardware-based checks offer more robust security, power users had found some reprieve in the fact that Google wasn't universally enforcing their strictest application. Furthermore, it was up to app developers to decide whether they wanted hardware-backed security signals to be enforced. This gave developers the flexibility to restrict their apps' usage as they saw fit. For example, banking or payment apps often went out of their way to check that devices passed hardware-backed signals, but now, these signals are part of Play Integrity's baseline for all integrators of the API. In December of last year, Google announced a major update to the Play Integrity API that enhances the 'basic,' 'device,' and 'strong' integrity verdicts on devices running Android 13 or later. The 'device' and 'strong' integrity verdicts are the two more stringent verdicts apps can receive when calling the Play Integrity API. The 'basic' verdict, while less stringent, is also not as widely used by developers seeking higher levels of security. Google In the past, only the 'strong' integrity verdict used hardware-backed security signals. Starting in December of last year, however, Google made all integrity verdicts even stricter: the 'device' integrity verdict was updated to also use hardware-backed security signals, while the 'strong' integrity verdict was revised to require a security patch level from within the last year. Meanwhile, the 'basic' integrity verdict was also updated to use hardware-backed signals, though due to its less stringent requirements, it passes even on devices with root enabled or the bootloader unlocked. Google's stated reasoning for this change was to make the Play Integrity API faster, more reliable, and more private for users by reducing the number of signals that need to be collected. These changes also make the API harder and more costly for attackers to bypass. At the time of the announcement, these updated integrity verdicts weren't immediately enforced. Google made them opt-in for developers but stated that all '[Play Integrity] API integrations would automatically transition to the new verdicts in May 2025.' Well, it's now May, and Google is making good on its promise. At Google I/O 2025, the company announced that it had flipped the switch and made all integrity verdicts stronger by default. During the 'what's new in Google Play' session, Raghavendra Hareesh, the Lead of Play Developer and Play Monetization at Google, said that the company is 'rolling out stronger verdicts for all developers with no additional developer work required.' 'The Play Integrity API is a vital tool in any comprehensive security strategy. Helping you defend your entire app experience. It's crucial in preventing abuse that can lead to revenue loss and also harm your users. Developers who have been using this API are seeing over 80% lower unauthorized usage compared to other apps. That means less fraud, less cheating, or data theft. And we are continuing to evolve this Play Integrity API to stay ahead of all the threats that are out there. So today we are rolling out stronger verdicts for all developers with no additional developer work required. This makes it faster, more reliable, and more privacy-friendly to check if a device is trustworthy. Developers can also now check if a device has recently installed a security update, which is very important for apps which are protecting sensitive actions.' Raghavendra Hareesh, Lead of Play Developer and Play Monetization at Google This means that power users who root their phones or install a custom ROM may suddenly find some apps stop working, especially on devices running Android 13 or later. Even users with unmodified Android 13+ devices might face problems if their devices haven't received a software update in a while. This is because apps checking the 'strong' integrity verdict require a recent security patch level to pass. Mishaal Rahman / Android Authority Error message in the Pokémon Go app when the device fails its Play Integrity checks Google's full implementation of hardware-backed security signals has been anticipated for some time. While power users previously found simple ways to bypass earlier measures — often by tricking the Play Integrity API into relying on more easily spoofed software-based checks — these methods were never permanent solutions. It was, therefore, only a matter of time before these users would encounter broken apps. Soon, easy workarounds will likely vanish, leaving users with no choice but to either resort to shady keybox leaks or to restore their devices to stock. So, while Google's primary aim with these changes is to improve app security for everyone, they nonetheless degrade the experience for these power users. Thanks to security researcher linuxct for his inputs on this article! Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
