Android 15 introduces advanced features to protect users from scams and malicious apps

ReportMay 15, 2024Editorial DepartmentAndroid Security/Malware

Google has launched a series of new features in Android 15 to prevent malicious apps installed on the device from harvesting sensitive data.

This constitutes an update to the Play Integrity API that third-party application developers can use to protect their applications from malware.

Dave Kleidermacher, vice president of security and privacy engineering at Android, said: “Developers can check to see if other apps are running that might be capturing the screen, creating overlays, or controlling the device.”

“This is helpful for apps that want to hide sensitive information from other apps and protect users from scammers.”

In addition, the Play Integrity API can be used to check that Google Play Protect is active and that the user’s device is free of known malware before performing sensitive operations or processing sensitive data.

Google introduced a feature called “Restricted Settings” in Android 13, which by default prevents sideloaded apps from accessing notifications and requesting accessibility permissions.

In the latest versions of mobile operating systems, this functionality has been expanded by seeking user approval before enabling permissions when sideloading apps from web browsers, messaging apps, and file managers.

“Developers can also choose to receive recent device activity to check if the device is performing too many integrity checks, which could be a sign of an attack,” Kleidermacher added.

These changes directly target Android banking trojans, which are known to abuse Accessibility Services API permissions to perform overlay attacks and disable security mechanisms on the device to obtain valuable data.

That said, Android malware such as Anatsa has been found to circumvent restrictions in recent months, suggesting that threat actors continue to work on devising ways to breach security guardrails.

“We are constantly working to improve and evolve our protections to stay ahead of bad actors,” a Google spokesperson told The Hacker News.

“We recently began piloting Enhanced Fraud Protection with Google Play Protect in countries where malicious Internet sideloading is prevalent. Enhanced Fraud Protection will block all sources from Internet sideloading sources (messaging apps, websites, files, etc.) Manager), these sources often use permissions that are abused for financial fraud.

In addition to its efforts to combat scams and scams, Google is also beefing up cellular security if a user’s cellular connection is not encrypted and if fake cell towers or surveillance tools like Stingray are logging them using device identifiers location, an alert will be sent to the user.

The tech giant said it is working closely with ecosystem partners, including original equipment manufacturers (OEMs), to make these features available to users over the next few years.

That’s not all. The company is tightening control over screen sharing in Android 15 by automatically hiding notification content, preventing one-time passwords (OTPs) sent via SMS from being displayed during screen sharing.

“With the exception of a few types of apps, such as wearable companion apps, one-time passwords are now hidden in notifications, closing a common attack vector for fraud and spyware,” Kreidmacher said.

To complement the new scam and scam protection features, Google said it is enriching Play Protect’s on-device AI capabilities with real-time threat detection to better identify malicious apps. This method leverages the Private Compute Core (PCC) infrastructure to flag unusual patterns on the device.

“Through real-time threat detection, Google Play Protect’s on-device artificial intelligence will analyze other behavioral signals related to the use of sensitive permissions and interactions with other apps and services,” Kleidermacher said.

“If suspicious behavior is detected, Google Play Protect can send the app to Google for further review and then warn the user or disable the app if malicious behavior is confirmed.”

Real-time threat detection also builds on recently added capabilities that allow real-time scanning at the code level to combat new malicious applications and help discover emerging threats.