Android security update adds preventative user blocks.
SOPA Images/LightRocket via Getty Images
Update, May 16, 2025: This story, originally published May 14, has been updated with news of more security features that have either arrived or are coming real soon now as part of Android 16, as announced in Google’s latest Android update.
Usually, when an update stops you from doing things, it’s hardly a cause for celebration. Sometimes, however, it really should be, and Google has just confirmed that with a new Android update that is simultaneously restrictive and freeing. We’ve seen this before with the news that Android smartphones will soon start automatically replacing passwords with passkeys, for example. Now, Google has announced a trio of new features for Android smartphones that, while restricting certain activities, will also enhance user security and privacy. Here’s what you need to know.
ForbesMicrosoft Outlook Outage — What We Know So FarBy Davey Winder
Don’t Hate This New Android Update, Learn To Love The Restrictions
Anyone who knows me will happily agree that I really don’t like being told what to do, so why am I rather pleased that Google has confirmed a new Android update that imposes restrictions on smartphone users whether they like it or not? Because, dear reader, I’m a security geek, and sometimes the best preventative medicine is the one you’re told to take. Or, as in the latest Android security update, the three not so bitter to swallow attack mitigation pills.
A May 13 announcement from Dave Kleidermacher, Google’s vice president of engineering for Android security and privacy, has confirmed that new in-call security protections have been added to the smartphone user armory. These restrictive measures come by way of response to the fact that Google’s own research, Kleidermacher said, showed that threat actors love to persuade victims into performing certain risky actions during a conversation. Actions such as changing default security settings or granting new app permissions, for example. “These actions can result in spying, fraud, and other abuse by giving an attacker deeper access to your device and data,” Kleidermacher warned. Advising that the new security measures are entirely executed on your smartphone device, and then only where a conversation is with someone not already in your existing contacts, Kleidermacher confirmed that Google is “working to block specific actions and warn you of these sophisticated attempts.”
ForbesNew Android Chrome Attack Warnings Confirmed By GoogleBy Davey Winder
The Risky Smartphone Call Actions This Android Update Puts The Kibosh On
Announcing Android’s new protections, Google confirmed the three user actions that would now be prevented during a call: disabling Google Play Protect, sideloading an app, changing app accessibility permission and
Google’s Play Protect is activated by default, and for good reason: it is continually scanning for malicious app behavior and protecting the user from the consequences. Being persuaded to disable this protection during a call is almost certainly a sign of an attack in progress. Preventing you from being able to do so, therefore, is a good thing.
If you side-load an app, meaning that it is from somewhere other than an official Google download store, it leaves you open to installing malware as the app may not have been properly vetted for security issues. The new protections prevent users from sideloading any new app from a web browser, messaging app or any source, during a call.
And finally, if you are persuaded to grant accessibility permissions that you otherwise wouldn’t need, this is a massive red flag from the security and privacy perspectives. Doing so can provide an attacker with access to “gain control over the user’s device and steal sensitive or private data, like banking information,” Kleidermacher warned.
There is a fourth aspect to this Android update, but I’ve not included it in the magic number of three as it’s a prompt rather than a straight restriction. This is when you are using screen sharing during a call, Android will now prompt you to stop sharing when the call ends to prevent an attacker from attempting to gain access to data.
ForbesNew Warning — Microsoft Copilot AI Can Access Restricted PasswordsBy Davey Winder
Android Update Brings New Advanced Protection Program Features To Android 16
As regular Forbes readers will be only too aware of by now, I am both an enthusiastic supporter and a highly satisfied user of Google’s advanced protection program which can prevent any number of Gmail account takeover attacks from succeeding.
The latest Android update announcement has some good news from Google regarding the advanced protection program for Android users. Confirming that the APP “provides Google’s strongest protections against targeted attacks,” Kleidermacher went on to announce that, for Android 16 users at least, this advanced protection is being extended to include device-level security. Kleidermacher’s confirmation was, truth be told, but a tease; the real detail was to be found in another announcement, this time by Google’s Android security group product manager, Il-Sung Lee.
“Advanced Protection ensures all of Android’s highest security features are enabled and are seamlessly working together to safeguard you against online attacks, harmful apps, and data risks,” Lee said, adding that for Android 16 users, it will combine new features with pre-existing ones. If advanced protection is activated, Lee said, then Android 16 users will gain immediate access to:
- Intrusion Logging
- USB protection
- Disabling of auto-reconnect to insecure networks
- Integration with Scam Detection for Phone by Google (available later this year)
More broadly, the Advanced Protection Program restricts the data that apps can access, blocking most non-Google apps and services from accessing Google account data from Drive or Gmail, for example. “If anyone tries to recover your account,” Google said, “Advanced Protection takes extra steps to verify your identity.” This means that it can take a few days to verify that you are who you say you are and get access to your Google account back, but it’s a small price to pay for peace of mind against the hacking threat.
“Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense,” Lee said, “with a user-friendly and low-friction experience.” Not least, it means that the Android user is protected from the accidental or malicious disabling of APP security features using a defense-in-depth paradigm. “Advanced Protection acts as a single control point that enables important security settings across many of your favorite Google apps,” Lee concluded, “including Chrome, Google Message, and Phone by Google.” This is one Android update that we can all, surely, get behind.
ForbesNew Hello Pervert Email Attack Warning — ‘I Know Where You Live’By Davey Winder