Android security update adds preventative user blocks.<\/p>\n
SOPA Images\/LightRocket via Getty Images<\/p>\n
Update, May 16, 2025: This story, originally published May 14, has been updated with news of more security features that have either arrived or are coming real soon now as part of Android 16, as announced in Google\u2019s latest Android update. <\/p>\n
Usually, when an update stops you from doing things, it\u2019s hardly a cause for celebration. Sometimes, however, it really should be, and Google has just confirmed that with a new Android update that is simultaneously restrictive and freeing. We\u2019ve seen this before with the news that Android smartphones will soon start automatically replacing passwords with passkeys<\/a>, for example. Now, Google has announced a trio of new features for Android smartphones that, while restricting certain activities, will also enhance user security and privacy. Here\u2019s what you need to know.<\/p>\n ForbesMicrosoft Outlook Outage \u2014 What We Know So FarBy Davey Winder<\/a><\/p>\n Don\u2019t Hate This New Android Update, Learn To Love The Restrictions<\/p>\n Anyone who knows me will happily agree that I really don\u2019t like being told what to do, so why am I rather pleased that Google has confirmed a new Android update that imposes restrictions on smartphone users whether they like it or not? Because, dear reader, I\u2019m a security geek, and sometimes the best preventative medicine is the one you\u2019re told to take. Or, as in the latest Android security update, the three not so bitter to swallow attack mitigation pills.<\/p>\n A May 13 announcement from Dave Kleidermacher, Google\u2019s vice president of engineering for Android security and privacy, has confirmed that new in-call security protections<\/a> have been added to the smartphone user armory. These restrictive measures come by way of response to the fact that Google\u2019s own research, Kleidermacher said, showed that threat actors love to persuade victims into performing certain risky actions during a conversation. Actions such as changing default security settings or granting new app permissions, for example. \u201cThese actions can result in spying<\/a>, fraud, and other abuse by giving an attacker deeper access to your device and data,\u201d Kleidermacher warned. Advising that the new security measures are entirely executed on your smartphone device, and then only where a conversation is with someone not already in your existing contacts, Kleidermacher confirmed that Google is \u201cworking to block specific actions and warn you of these sophisticated attempts.\u201d<\/p>\n ForbesNew Android Chrome Attack Warnings Confirmed By GoogleBy Davey Winder<\/a> Announcing Android\u2019s new protections, Google confirmed the three user actions that would now be prevented during a call: disabling Google Play Protect, sideloading an app, changing app accessibility permission and<\/p>\n Google\u2019s Play Protect<\/a> is activated by default, and for good reason: it is continually scanning for malicious app behavior and protecting the user from the consequences. Being persuaded to disable this protection during a call is almost certainly a sign of an attack in progress. Preventing you from being able to do so, therefore, is a good thing.<\/p>\n If you side-load an app<\/a>, meaning that it is from somewhere other than an official Google download store, it leaves you open to installing malware as the app may not have been properly vetted for security issues. The new protections prevent users from sideloading any new app from a web browser, messaging app or any source, during a call.<\/p>\n And finally, if you are persuaded to grant accessibility permissions that you otherwise wouldn\u2019t need, this is a massive red flag from the security and privacy perspectives. Doing so can provide an attacker with access to \u201cgain control over the user\u2019s device and steal sensitive or private data, like banking information,\u201d Kleidermacher warned.<\/p>\n There is a fourth aspect to this Android update, but I\u2019ve not included it in the magic number of three as it\u2019s a prompt rather than a straight restriction. This is when you are using screen sharing during a call, Android will now prompt you to stop sharing when the call ends to prevent an attacker from attempting to gain access to data.<\/p>\n ForbesNew Warning \u2014 Microsoft Copilot AI Can Access Restricted PasswordsBy Davey Winder<\/a> As regular Forbes readers will be only too aware of by now, I am both an enthusiastic supporter and a highly satisfied user of Google\u2019s advanced protection program<\/a> which can prevent any number of Gmail account takeover attacks from succeeding.<\/p>\n The latest Android update announcement has some good news from Google regarding the advanced protection program for Android users. Confirming that the APP \u201cprovides Google\u2019s strongest protections against targeted attacks,\u201d Kleidermacher went on to announce that, for Android 16 users at least, this advanced protection is being extended to include device-level security. Kleidermacher\u2019s confirmation was, truth be told, but a tease; the real detail was to be found in another announcement, this time by Google\u2019s Android security group product manager, Il-Sung Lee.<\/p>\n \u201cAdvanced Protection ensures all of Android\u2019s highest security features are enabled and are seamlessly working together to safeguard you against online attacks, harmful apps, and data risks,\u201d Lee said<\/a>, adding that for Android 16 users, it will combine new features with pre-existing ones. If advanced protection is activated, Lee said, then Android 16 users will gain immediate access to:<\/p>\n More broadly, the Advanced Protection Program restricts the data that apps can access, blocking most non-Google apps and services from accessing Google account data from Drive or Gmail, for example. \u201cIf anyone tries to recover your account,\u201d Google said, \u201cAdvanced Protection takes extra steps to verify your identity.\u201d This means that it can take a few days to verify that you are who you say you are and get access to your Google account back, but it\u2019s a small price to pay for peace of mind against the hacking threat.<\/p>\n \u201cAdvanced Protection gives users the option to equip their devices with Android\u2019s most effective security features for proactive defense,\u201d Lee said, \u201cwith a user-friendly and low-friction experience.\u201d Not least, it means that the Android user is protected from the accidental or malicious disabling of APP security features using a defense-in-depth paradigm. \u201cAdvanced Protection acts as a single control point that enables important security settings across many of your favorite Google apps,\u201d Lee concluded, \u201cincluding Chrome, Google Message, and Phone by Google.\u201d This is one Android update that we can all, surely, get behind.<\/p>\n
\nThe Risky Smartphone Call Actions This Android Update Puts The Kibosh On<\/p>\n
\nAndroid Update Brings New Advanced Protection Program Features To Android 16<\/p>\n\n