Android 15, Google Play Protect get new anti-malware and anti-fraud features

Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users’ devices.

Announced at Google I/O 2024, the new features are designed not only to help end users but also to warn developers when their apps have been tampered with.

“Today, we’re announcing more new fraud and scam protection features coming in Android 15 and Google Play services updates later this year to help better protect users around the world,” reads a Google blog post from Dave Kleidermacher, VP Engineering, Android Security and Privacy.

“We’re also sharing new tools and policies to help developers build safer apps and keep their users safe.”

Protecting against spyware, banking malware

Google is introducing numerous new features in Android 15 that are aimed at blocking banking trojans and spyware from stealing your information.

Android banking trojans steal users' banking credentials by displaying fake login overlays, reading MFA codes from notifications and messages, and giving threat actors remote control of the device.

Over the years, researchers have illustrated how Android malware commonly steals one-time passcodes from messages and notifications. Last year, a new version of the Xenomorph Android malware took it a step further by allowing MFA codes to be stolen from Google Authenticator.

Google has announced new security features that cause one-time passcodes to be hidden from notifications so that malware cannot steal them.

The company is also expanding its restricted settings feature to include additional permissions that users must explicitly grant apps to prevent them from stealing data.

Google says they are also introducing new features that protect against screen-sharing attacks conducted via social engineering.

When Android is in screen-sharing mode, the operating system will automatically block sensitive information from appearing in notifications so that it cannot be stolen by remote threat actors.

“During screen sharing, private notification content will be hidden, preventing remote viewers from seeing details in a user’s notifications,” explains Kleidermacher.

“Apps that post OTPs in notifications will be automatically protected from remote viewers when you’re screen sharing, helping thwart attempts to steal sensitive data.”

This new feature will also prevent your screen from being shown to attackers when entering credentials and credit card information during a screen-share session. A feature rolling out later this year will display more prominent indicators when screen sharing is active.

Finally, Google is rolling out notifications alerting you when connected to an unencrypted cellular network to block Stingray attacks.

“We’ll notify you if your cellular network connection is unencrypted, potentially exposing voice and SMS traffic to radio interception, and potentially visible to others. This can help warn users if they’re being targeted by criminals who are trying to intercept their traffic or inject a fraud SMS message,” Kleidermacher further shared.

“We’ll help at-risk users like journalists or dissidents by alerting them if a potential false cellular base station or surveillance tool is recording their location using a device identifier.”

Bringing AI to Google Play

Google says they are introducing a new feature called Google Play Protect live threat detection, which uses on-device artificial intelligence to detect when an Android app performs suspicious behavior.

The app is then sent back to Google for review, and users are warned to disable it until it can be determined if it is malicious.

For developers, Google has updated its Play Integrity API to allow developers to check if apps are running in secure environments.

The API now allows developers to check the following in-app signals:

  • Risk From Screen Capturing or Remote Access: Developers can check if there are other apps running that could be capturing the screen, creating overlays, or controlling the device. This is helpful for apps that want to hide sensitive information from other apps and protect users from scams.
  • Risk From Known Malware: Developers can check if Google Play Protect is active and the user device is free of known malware before performing sensitive actions or handling sensitive data. This is particularly valuable for financial and banking apps, adding another layer of security to protect user information.
  • Risk From Anomalous Devices: Developers can also opt in to receive recent device activity to check if a device is making too many integrity checks, which could be a sign of an attack.
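As an added illustration (not code from Google or from the article), the sketch below shows how an app backend might turn the three signals above into a decision once the integrity token has already been decrypted and verified. The field and enum names follow the Play Integrity verdict format and do not appear in the article, so check them against current documentation; the thresholds, action names and sample verdicts are assumptions constructed for the example.

```python
# Added example: policy over an already-decrypted, verified Play Integrity verdict.
# Field/enum names follow Google's verdict format (not shown in the article);
# thresholds and action names are illustrative assumptions.
CAPTURE_OR_CONTROL = {
    "KNOWN_CAPTURING", "KNOWN_CONTROLLING", "KNOWN_OVERLAYS",
    "UNKNOWN_CAPTURING", "UNKNOWN_CONTROLLING", "UNKNOWN_OVERLAYS",
}
MALWARE_RISK = {"MEDIUM_RISK", "HIGH_RISK"}
NORMAL_ACTIVITY = {"LEVEL_1", "LEVEL_2"}
HIGH_ACTIVITY = {"LEVEL_3", "LEVEL_4"}  # assumed cut-off for "too many checks"


def assess(verdict: dict) -> dict:
    """Return {"action": allow|step_up|deny, "reasons": [...]} for one verdict."""
    env = verdict.get("environmentDetails", {})
    apps = env.get("appAccessRiskVerdict", {}).get("appsDetected")
    protect = env.get("playProtectVerdict", "UNEVALUATED")
    activity = (verdict.get("deviceIntegrity", {})
                .get("recentDeviceActivity", {})
                .get("deviceActivityLevel", "UNEVALUATED"))
    deny, step_up = [], []

    # Risk from known malware: block on flagged apps, fail closed on no data.
    if protect in MALWARE_RISK:
        deny.append(f"play_protect:{protect}")
    elif protect != "NO_ISSUES":
        step_up.append(f"play_protect:{protect}")

    # Risk from screen capturing, overlays or remote control.
    if apps is None:
        step_up.append("app_access_risk:UNEVALUATED")
    else:
        hits = sorted(set(apps) & CAPTURE_OR_CONTROL)
        step_up.extend(f"app_access_risk:{a}" for a in hits)

    # Risk from anomalous devices: unusually many recent integrity checks.
    if activity in HIGH_ACTIVITY:
        deny.append(f"device_activity:{activity}")
    elif activity not in NORMAL_ACTIVITY:
        step_up.append(f"device_activity:{activity}")

    action = "deny" if deny else "step_up" if step_up else "allow"
    return {"action": action, "reasons": deny + step_up}


# Constructed sample verdict (not real device data): a screen-share in progress.
SAMPLE_SHARED = {
    "deviceIntegrity": {"recentDeviceActivity": {"deviceActivityLevel": "LEVEL_1"}},
    "environmentDetails": {
        "playProtectVerdict": "NO_ISSUES",
        "appAccessRiskVerdict": {"appsDetected": ["KNOWN_INSTALLED", "UNKNOWN_CAPTURING"]},
    },
}
```

Missing or unevaluated signals lead to `step_up` rather than `allow`, so a client that withholds part of the verdict does not get a clean result.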

Google says all these features will be rolling out to Android users via Google Play services updates and Android 15 later this year.