Android reportedly to get a new built-in phishing protection system

To add a new layer of protection to Android users’ security, Google could be working on a built-in phishing detection system that constantly searches for apps with potential strange behavior on your device.

Since our smartphones have become our tools for almost everything, they store a lot of our personal and sensitive data, including credentials to banking services, or even our own Google account.

Fortunately, many services have been adding additional layers of security that make it difficult for potential attackers to access our accounts even if they have the password. For example, there are services that send access verification links to your email or phone number if they detect suspicious logins to your account.

However, just as protection methods have been improving, attackers have also ‘modernized’ and phishing still exists today. With this in mind, Google is reportedly developing a phishing protection system to integrate directly into Android.

According to an Android Police report, the new system will scan the apps on your device to try to detect those whose behavior suggests malicious actions related to potential phishing attacks against your privacy and security.

This seems similar to the Google Play Protect real-time scanning that the company has deployed in some regions, which focuses on detecting apps potentially infected with malware. However, the new system we refer to in this story would be totally focused on detecting behaviors related to phishing attacks.

According to the source, the new system was detected in the Android settings after installing the latest Android 14 QPR2 Beta 2 update. According to its official description, the feature will scan your device for ‘app activity for phishing or other deceptive behavior.’

In addition, the settings also indicate that the scanning is done 100% locally on the device, without the participation of the Google cloud. However, if the system detects any app with suspicious behavior, it will send the information to the company for analysis.

Since there is not yet any type of official documentation in this regard, it is not known how the system determines which activities relate to potential phishing attacks. We will have to wait to see if there are new official updates in this regard in the coming weeks, such as warnings to app developers to avoid certain practices.

In addition to the obvious focus on AI-powered features, Google also seems to be working hard on further strengthening privacy and security on Android. Considering how quickly potential attackers adapt to current methods, any new layer of security is welcome, especially for those less savvy with technology who sometimes tend to touch where they shouldn’t.