Google is rolling out a new feature in Android designed to block fraudsters from manipulating device settings during phone calls. This important security measure, currently available in Android 16 Beta 2, aims to protect users from common tactics employed by cybercriminals who seek to exploit unsuspecting individuals.
Google Enhances In-Call Security Measures
The latest update introduces robust in-call protections against scammers. It prevents users from changing sensitive settings while they are on a call. Specifically, the feature blocks attempts to enable installations from unknown sources and restricts granting accessibility access during phone conversations. If users try to make these changes, they will receive a warning message: “Scammers often request this type of action during phone calls, so it’s blocked to protect you. If someone you don’t know is guiding you to take this action, it might be a scam.” This proactive measure helps create a safer communication environment, allowing users to focus on their conversations without the fear of falling victim to scams.
Addressing Telephone-Oriented Attack Delivery (TOAD)
This new feature directly addresses the rising threat of telephone-oriented attack delivery (TOAD). Scammers frequently send SMS messages that urge victims to call a specific number, creating a false sense of urgency. Research from NCC Group and Finland’s National Cyber Security Centre (NCSC-FI) has shown that cybercriminals use this tactic to distribute malicious dropper apps, including notorious malware like Vultr. By blocking sensitive actions during calls, Google aims to disrupt this deceptive cycle and protect users from being manipulated into installing harmful software.
Expanding Security Features
Google’s commitment to user safety extends beyond this new feature. The tech giant has previously expanded restricted settings to cover a broader range of permissions, further safeguarding users from the risks associated with sideloaded applications. This expansion includes measures that prevent unauthorized access to sensitive data, ensuring that users maintain control over their devices.
Additionally, Google has implemented automatic blocking of potentially unsafe app installations in various markets, including Brazil, India, and South Africa, to combat fraud effectively. These measures reflect a comprehensive strategy to enhance mobile security and protect users from evolving cyber threats.
