Google is introducing a new security feature for Android aimed at protecting users from scammers trying to exploit phone calls. This feature specifically targets actions that could make a device vulnerable during active calls, such as changing settings that allow apps to be installed from unknown sources or granting accessibility access. The goal is to prevent fraudsters from manipulating users into installing malicious apps during phone calls by creating a sense of urgency.
When users attempt to perform these actions during a call, Android displays a warning message. The message informs them that such actions are often requested by scammers and that blocking these settings is a measure to protect the user. The warning suggests that if someone unknown is guiding the user to take such actions, it might be a scam.
This feature is designed to create more barriers to tactics commonly used by fraudsters, such as telephone-oriented attack delivery (TOAD).
TOAD involves sending SMS messages urging users to call a number, where scammers exploit the situation to convince them to change settings on their devices. This has been a frequent method for delivering malware, including malicious apps like Vultur. The new in-call security measures aim to add extra friction to this process, making it harder for cybercriminals to successfully execute their schemes.
The feature was introduced in Android 16 Beta 2 and is part of a broader initiative by Google to tighten security. In addition to this in-call protection, Google has expanded restricted settings for more categories of permissions to prevent apps from sideloading and accessing sensitive data. The company has also begun blocking sideloading of potentially unsafe apps in select countries, including Brazil, India, and South Africa, to reduce the risks posed by fraud and malware.