On the second day of the Google I/O 2024 conference, Google said on Wednesday that it is adding new security and privacy protections to Android, including on-device live threat detection to catch malicious apps, new safeguards for screen sharing and better security against cell site simulators.
The company said it is increasing the on-device capability of its Google Play Protect system to detect fraudulent apps trying to breach sensitive permissions. It also uses AI to detect if apps are trying to interact with other services and apps in an unauthorized manner.
Google said if the system is certain about malicious behavior, it disables the app automatically. Otherwise, it alerts the company for a review and then alerts users.
The company said the system uses Private Compute Core, a sandbox for securely processing data from sensors like a mic, camera and screen. Multiple OEMs in the Android ecosystem, including Google, Oppo, Honor, Lenovo, OnePlus, Nothing, Transsion and Sharp will roll out live threat detection later this year.
In October, Google introduced a system to scan sideloaded apps automatically to learn about their fraudulent behavior and alert users. However, TechCrunch found that the tool wasn’t able to scan all potentially dangerous apps.
“Live threat detection will look at the behavior of all apps on your device, regardless of their install source, and will continuously look for signals of abuse and malicious behavior. It’s especially helpful in detecting apps that might cloak or obfuscate their behavior to avoid detection,” a Google spokesperson said.
New protections for Android 15
Google is making it tougher for sideloaded apps to directly access sensitive permissions. For that, it is expanding Android 13’s restricted settings feature to include sideloaded apps, web browsers, messaging apps and file managers. This means users will need to explicitly allow access to certain permissions to these apps after installation.
The search giant is also working on features to stop fraudulent apps from reading one-time passwords (OTPs). With Android 15, Google will hide the codes in notifications by default. The only exception of this change is for wearable companion apps.
The company is also hiding notification content from participants during a remote screen-sharing session. Similarly, when entering a username and password, the screen will be hidden from remote viewers.
With Android 15, users can choose to share content from one app during a screen share rather than sharing all activities on their devices. The feature is currently available on Pixel phones.
Advanced security against network threats
Google is adding protections against threats posed by cell site simulators that snoop on network activity like calls and SMS. The company will now notify users about unencrypted cell networks to save them from SMS fraud.
The company said it would also notify users like journalists or dissidents if a proxy cellular station were trying to monitor their activity.