In-call scam protection is a relatively new security feature, first announced in May and implemented in Android 16. The system’s primary role is to detect and warn users of potential danger when they are engaged in a call with a number not stored in their contacts and simultaneously open a financial application or share their device screen. This defense is specifically aimed at countering a widespread scam tactic where criminals impersonate trustworthy institutions, like banks, over the phone. Their goal is to pressure victims into sharing their screen, which can reveal sensitive banking information or allow them to initiate a fraudulent financial transfer.
When the system detects this risky combination of actions, a persistent alert is immediately displayed on the user’s screen. This warning notifies the user that the person on the line may be an imposter and that they should disregard any instructions being given. The notification also strongly advises the user against sharing any personal data or proceeding with any payments. The pop-up warning is a critical component of the feature and remains visible for 30 seconds, during which time the only action available to the user is to end the phone call.
Google developed this mandatory 30-second pause with a specific psychological intent: to interrupt the social-engineering process. The goal of the pause is to break the attacker’s “spell,” which often relies on a false sense of panic, urgency, or authority to manipulate the victim. By forcing this break in the interaction, the system disrupts the high-pressure environment necessary for the scammer to succeed. The in-call scam protection feature is compatible with devices running Android 11 and later versions.
The feature was initially launched as a pilot program in the United Kingdom, where it quickly enrolled applications from the country’s major banks. Google reported that the trial successfully helped “thousands of users end calls that could have cost them a significant amount of money.” Following this success, the company strategically expanded the pilot to include financial apps in Brazil and India. The system is now rolling out in the United States, adding support for popular fintech and banking applications, including Cash App and the JPMorgan Chase mobile banking app. The protection system continues to be refined as it operates in this testing phase.
Beyond relying on this feature, Google emphasizes that users must maintain proactive security habits. This includes being vigilant about unusual requests from unknown callers, such as instructions to install applications from unofficial sources, grant high-level accessibility permissions to new apps, or disable the Play Protect security feature on their device. As a general best practice, users should never rush into any action or share personal information with an unfamiliar caller. Instead, they should always confirm the status of their accounts and the validity of any request by independently contacting their bank or financial institution using a trusted, verified phone number.
Reference:
