Connect with us

Hi, what are you looking for?


Mobile & Wireless

Android 15 Brings Improved Fraud and Malware Protections

Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.

Android security

Google on Wednesday announced improved security features and AI-powered protections in Android 15, meant to keep users safe from fraud and malware.

Play Protect, which scans 200 billion Android apps every day, and which was recently enhanced with real-time code scanning, is getting live threat detection, to expand its on-device AI capabilities and prevent fraud and abuse.

“With live threat detection, Google Play Protect’s on-device AI will analyze additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services,” Google explains.

When detecting anomalous behavior, Google Play Protect can send the suspicious application to Google to be reviewed, and will warn the user or disable the application if the malicious behavior is confirmed.

“The detection of suspicious behavior is done on device in a privacy preserving way through Private Compute Core, which allows us to protect users without collecting data,” the internet giant says.

The live threat detection will be rolling out later this year to Google Pixel users, as well as to devices from Honor, Lenovo, Nothing, OnePlus, Oppo, Sharp, Transsion, and other smartphone makers.

To further boost protections against fraud and scams, Android 15 will hide one-time passwords from notifications, except for some types of applications, such as wearable companion software.

Building on the enhanced fraud protections announced in February, expanded Android 13 restricted settings will require “additional user approval to enable permissions when installing an app from an Internet-sideloading source”.

Advertisement. Scroll to continue reading.

The internet giant says it is also working on other AI-powered protections, such as scam call detection, which will warn users when identifying conversation patterns typically associated with fraud and scams.

Android 15 will also include tightened screen sharing controls, hiding private notification content, hiding the screen when the user enters sensitive information such as credentials and credit card numbers, and the ability to share just one app’s content (currently available on Pixel devices).

“Having clear content sharing indicators is important for users to understand when their data is visible. A new, more prominent screen indicator coming to Android devices later this year will always let you know when screen sharing is active, and you can stop sharing with a simple tap,” Google explains.

To protect users from threat actors relying on cell site simulators to snoop on them or send them fraudulent SMS messages, Android 15 will notify users when the cellular network connection is unencrypted, and will alert at risk-users if a cellular base station or surveillance tool is recording their location. Compatible hardware and device OEM integration is required for both features.

Additionally, Google is updating the Play Integrity API to allow developers to check whether other running applications could be capturing the screen, displaying overlays, or controlling the device, and to check whether Play Protect is working and if the device is clean before performing sensitive actions.

Developers will also have the option to receive information on recent device activity and check if there are too many integrity checks performed, which could indicate an attack. The developers will be able to set their applications to warn the user or turn on Play Protect before continuing.

Later this year, Android will also require that applications demonstrate the need to access users’ photos and videos, while photo picker will support both cloud and local storage search.

Related: Google Blocked 2.28 Million Apps from Google Play Store in 2023

Related: Unwanted Tracking Alerts Rolling Out to iOS, Android

Related: Google Announces Enhanced Fraud Protection for Android

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.