Android beefs up security measures with theft protection and anti-scam tools
- by autobot
- May 15, 2024
Amidst all the sexy Google I/O 2024 announcements like Gemini, Google Search, Google Maps, and a new version of Android coming up, come essential security upgrades that fundamentally change how Android mobiles help protect their users in both the physical and online world. Google today (16 May 2024) announced several Android security features that look into , data protection, and , and measures. It’s a lot to go through, but the features mainly fall under two categories: mitigating the outcomes of a snatch theft, and preventing screen sharing from being too useful to scammers and malicious apps.

The security team at Android said that it has implemented a host of features to deter criminals from finding Android phones lucrative enough to target for theft. First, factory reset upgrades now . If an Android phone goes through a factory reset, the device requires your Google Account credentials or knowledge of the device to set it up as a brand new device. This renders a device unsellable, which Google said should disincentivise thefts.

Also, Android now comes with a for sensitive apps. The team said that this helps where victims are forced to unlock phones to facilitate fund transfers on the spot. Private Space is a built-in feature where users can store important apps and hide them away from view with a separate PIN.

Now, disabling Find My Device tracking or extending screen timeout also requires a PIN, password, or biometric authentication, which makes it harder for criminals who keep your phone awake (to access data). In the event that a thief knows your PIN, Google has also thwarted that by requiring additional authentication (like biometrics) for changing critical Google Account credentials and device settings.

Android now also comes with the ability to determine snatch thefts when users are busy on their phones — the on-board AI can now detect if someone snatches your phone from your hand and tries to run, bike, or drive away. Called and Offline Device Lock, the phone screen automatically locks itself when it detects such motions, preventing easy data access. This update will roll out to Android 10 or newer devices “later this year”.

If you misplace your Android phone and it’s not coming back to you, you can now lock your device remotely. Called , users can lock their Android device by borrowing another device and punching in their phone number with a quick security challenge inside Find My Device. This would allow the user more time to recover account details and use other protection tools, like remotely wiping the phone for their data privacy and safety. Like the above feature, Remote Lock is also rolling out to Android 10 or newer devices “later this year”.

Besides alerting Android users if they seem to be , the operating system is also making things harder for scammers who guide their victims through screen sharing. These adjustments also make it hard for stealthy malware to record sensitive data or use the phone in the user’s absence.

Currently, Google Play Protect has , where it uses on-device machine learning to observe malware-like behaviours on your phone. This helps identify malware that lies dormant on a victim’s phone for extended periods. The offending app also gets sent back to Google for another review.

There’s also , which limits any screen-sharing activities to the selected app. This means notifications are not captured during screen sharing, and viewers would be met with a blank screen if the sharer exits the app.

Extra protections also include omitting information. During a screen share or screen recording, notifications containing OTPs (one-time passwords) are not recorded, even if the device runs on a device-wide screen share. Other viewers would only see a notification, but no details are shown since it’s redacted. In a similar vein, screen sharing also while screen sharing. Viewers (or in this case, scammers) would also only see a black screen during any login process.

Remember when banking apps in Singapore received enhanced measures where the and simply refuse to work if so? Google not only introduced, but is also enhancing further. App developers of sensitive apps, like banking or government services, can include an integrity API where Android can play a part in detecting if a phone has apps installed from third-party sources (e.g. through an unofficial app store, from the Internet, etc.). Such access to the Integrity API is not limited to financial apps, as messaging apps and more can also request it. Such apps with these integrity checks enabled can request users to disable these dodgy apps before agreeing to work. According to Google, Play Integrity API has strict requirements to prevent abuse, which require valid reasons and requests for certain app permissions for the developer to consider a phone unsafe.