Google is enhancing Android security with a powerful new feature designed to prevent fraudsters from exploiting users during phone calls. This latest protection, introduced in Android 16 Beta 2, blocks users from modifying sensitive settings while a call is in progress—effectively stopping scammers from manipulating victims into installing malicious apps.
How the New In-Call Protection Works
The in-call anti-scam feature prevents users from enabling the installation of apps from unknown sources and granting accessibility permissions during an active call. If a user attempts to bypass this restriction, they will receive a warning message:
"Scammers often request this type of action during phone call conversations, so it's blocked to protect you. If you are being guided to take this action by someone you don't know, it might be a scam."
Additionally, the feature blocks any attempts to grant an app accessibility privileges while on a call, adding an extra layer of security against malware and phishing schemes.
Why This Matters: Stopping TOAD Scams
This update is a direct response to the growing threat of Telephone-Oriented Attack Delivery (TOAD) scams. Cybercriminals use TOAD tactics to deceive victims into calling fraudulent numbers via SMS-based phishing messages, creating urgency to manipulate them into installing malicious apps.
Recent findings from NCC Group and Finland's National Cyber Security Centre (NCSC-FI) revealed that threat actors distributed malware like Vultr by convincing users to sideload apps through scam calls. This latest security enhancement in Android 16 aims to disrupt these tactics, making it significantly harder for scammers to succeed.
Google's Expanding Anti-Sideloading Measures
This feature is part of Google's broader efforts to limit sideloading risks. The company has recently:
Expanded restricted settings to cover more app permission categories, preventing unauthorized access to sensitive data.
Automatically blocked sideloading of potentially unsafe apps in high-risk regions, including Brazil, Hong Kong, India, Kenya, Nigeria, the Philippines, Singapore, South Africa, Thailand, and Vietnam.
Final Thoughts
With Android 16, Google is taking a proactive approach to counter scam tactics by making unauthorized sideloading more difficult during phone calls. This security enhancement not only safeguards users from potential fraud but also reinforces Android’s commitment to user safety and data protection.
Stay updated with the latest mobile security news and ensure your device is protected from evolving cyber threats!