Google today outlined new security and privacy features coming to Android throughout 2026, focusing on AI-powered protections, banking scam prevention, device theft safeguards, and privacy controls. Eugene Liderman, Director of Android Security and Privacy, detailed the updates in a blog post.
Verified Financial Calls
Google is rolling out verified financial calls, a feature designed to combat phone call spoofing where scammers impersonate banks and financial institutions. Spoofed calls using altered caller IDs result in an estimated $950 million in annual losses worldwide.
The feature works in the background when a participating bank or financial institution’s app is installed and the user has signed in. When a call appears to be from the bank, Android asks the app for confirmation. If the app confirms no phone call is being made, the system ends the call automatically. Banks can also designate numbers as inbound-only, meaning incoming calls from those numbers will be ended directly.
Verified financial calls will begin rolling out on Android 11+ devices with Revolut, Itaú, and Nubank in the coming weeks, with more banks joining later this year.
Live Threat Detection Enhancements
Live Threat Detection, which uses on-device AI to analyze app behavior in real time, is receiving new warnings for suspicious behaviors including SMS forwarding and accessibility overlay abuse. Dynamic signal monitoring allows Android to warn users about apps that change or hide their icon and then launch from the background or abuse accessibility permissions.
The system can push down rules dynamically to protect against new and emerging threat behaviors. Dynamic signal monitoring will be enabled on Android 17 devices, with protections rolling out in the second half of the year.
Chrome and Advanced Protection Updates
Chrome on Android is adding another layer of protection at download time. If Safe Browsing is enabled and a user wants to download an app, Chrome will evaluate the APK for known malware and block the download if necessary.
Advanced Protection, which enables Google’s strongest protections against scams, fraud, and targeted attacks through a single toggle, is receiving key upgrades. USB protection is now available on all Pixel devices running Android 16+, with expansion to more Android devices coming soon. Intrusion Logging, developed in partnership with Amnesty International and Reporters Without Borders, is rolling out to all devices running the Android 16 December update and newer.
Android 17 expands Advanced Protection by removing accessibility service access from all apps not labeled as accessibility tools, disabling device-to-device unlocking and Chrome WebGPU support, and integrating scam detection for chat notifications. Android Enterprise support for Advanced Protection will arrive later this year.
Device Theft Protections
Find Hub’s Mark as Lost feature in Android 17 can now lock a phone with biometric authentication in addition to the regular device passcode or PIN. Thieves who obtained a passcode or PIN will not be able to turn off device tracking or re-access a phone marked as lost. The feature also hides Quick Settings and disables new Wi-Fi and Bluetooth connections.
Following a successful pilot in Brazil, default-on theft protections are expanding globally. Features like Remote Lock and Theft Detection Lock will be enabled by default on all new Android 17 devices, as well as those freshly reset or upgraded to the latest OS. In Argentina, Chile, Colombia, Mexico, and the UK, these protections extend to all devices running Android 10 or higher.
Android 17 reduces the number of times someone can guess a PIN or password on supported devices and adds longer wait times between failed attempts. A device’s IMEI can now be accessed via the lock screen on devices running Android 12 or higher to streamline device recovery.
Privacy Controls
Android 17 introduces a new location button that allows users to share precise location temporarily for specific tasks while an app is open, ideal for quick tasks like finding a nearby cafe without requiring permanent permissions. A new location indicator appears at the top of the screen when location is accessed, similar to camera and microphone indicators.
A new contact picker gives users more control when providing contact access to apps. Developers can request access to specific contacts only rather than broad access to an entire address book. Apps can specify which fields they need, and access to contacts will be temporary.
AI Security and OS Verification
Android 17 introduces AISeal with pKVM to fortify Private Compute Core (PCC) and Private AI Compute with verifiable, hardware-backed, on-device isolation for processing ambient data securely.
Android OS verification launches initially on Pixel devices to help users verify they are running an official, widely distributed build of Android OS. Google is utilizing a public, append-only ledger that provides cryptographic proof that production Google applications across Android are authentic versions released by Google.
Additional Security Features
Android now automatically hides one-time passwords (OTPs) from text messages for three hours from most apps to prevent malicious apps from stealing security codes.
Android 17 gives carriers the ability to configure the disable 2G toggle to default to 2G being off, protecting customers from legacy technology vulnerabilities in areas where 2G infrastructure is no longer maintained. Google is also introducing Post-Quantum Cryptography to stay ahead of future threats.
More details on Android security and privacy updates can be found on the Android blog.
