Google has launched a new security feature called Identity Check, aimed at strengthening the protection of sensitive device settings and user accounts on supported Android devices. The feature requires explicit biometric authentication to access specific resources when users are outside of trusted locations.
“When you turn on Identity Check, your device will mandate biometric authentication to access certain sensitive resources outside of your trusted locations,” Google announced in an official blog post.
Key Features of Identity Check
Once activated, Identity Check requires biometric authentication for several sensitive actions, enhancing the overall security of your device. For example, accessing saved passwords and passkeys through Google Password Manager or autofilling passwords in apps (excluding Chrome) now mandates biometric verification. Similarly, changing screen lock settings—such as updating your PIN, pattern, or password—or modifying biometric options like Fingerprint or Face Unlock also requires explicit authentication.
Additionally, actions like performing a factory reset, disabling features such as Find My Device or other theft protections, and viewing or editing trusted locations are protected by this feature. Identity Check must also be disabled biometrically, ensuring unauthorized users cannot simply turn it off. Even critical tasks like setting up a new device with your current one, managing Google Accounts, or accessing Developer options are now guarded.
The feature further extends its protection to Google Accounts on the device, making it significantly harder for unauthorized individuals to take control of accounts signed in on the device. This layered approach provides a robust barrier against unauthorised access.
Device Availability and Setup
Currently, Identity Check is available on Google’s Pixel devices running Android 15 and eligible Samsung Galaxy phones with One UI 7. Users can enable the feature by navigating to:
Settings > Google > All services > Theft protection > Identity Check.
Broader Security Enhancements
Identity Check is part of a broader initiative by Google to improve device security. Other recent additions include:
- Theft Detection Lock: Powered by artificial intelligence, this feature locks devices against unauthorized use even when offline. It is now available globally on all Android devices running Android 10 or later.
- Offline Device Lock: Enhances security by preventing device access when disconnected from the internet.
- Remote Lock: Provides users with tools to secure devices remotely in case of theft.
Google is also collaborating with the GSMA and industry experts to combat mobile theft through shared tools, prevention techniques, and enhanced information sharing.
Chrome Web Store Security Improvements
In addition to device-level security, Google has introduced a Chrome Web Store for Enterprises, enabling organizations to create curated lists of safe and approved browser extensions. This minimizes risks associated with the installation of unvetted or potentially harmful add-ons.
Rising Threats to Chrome Extensions
The focus on Chrome Web Store security comes in the wake of a sophisticated spear-phishing campaign targeting Chrome extension developers. The campaign, active since at least December 2023, involved inserting malicious code into legitimate Chrome extensions to steal sensitive information such as:
- API keys
- Session cookies
- Authentication tokens from platforms like ChatGPT and Facebook for Business.
According to a report by French cybersecurity firm Sekoia, the threat actor initially distributed malicious Chrome extensions through fake websites. However, by late 2024, they had shifted tactics to compromise legitimate extensions via phishing emails, malicious OAuth applications, and injected code.
“This threat actor has specialized in spreading malicious Chrome extensions to harvest sensitive data,” the report stated, describing the adversary as highly persistent.
