hoangbre@gmail.com
In the smartphone industry, there’s an unsaid perception around security and safety. iPhones are the better bet compared to Android. Given the open nature of Google’s smartphone OS, it’s not surprising to see malware and scammy apps finding their way to Android phones, aside from the usual phishing tactics via calls and texts.
Of course, a bit of digital hygiene goes a long way, but scammers will find a way to hoodwink even the most digitally aware among us. Over the past few years, however, Google has taken a more proactive approach to protecting users and has created safeguards that are amiss from iPhones.
Bringing AI into the arena
I know. I know. We’ve all grown tired of the endless AI hype. At its latest I/O developers event, the word AI was mentioned 92 times, while Gemini was brought up on 95 occasions. In the background, Google has deployed practically rewarding AI smarts that will smell fishy behavior in real-time during calls and text interactions with bad actors.
One of those safety nets is AI-powered scam detection in Google Messages and Phone apps. The focus is on targeting conversational scams, where a threat actor slowly manipulates users into sharing sensitive details, making fraudulent transfers, and incurring other forms of loss.
In scenarios where scammers act as representatives of banking institutions or even state officials (something even the FBI has warned about), people often fall for the con. Google says it will rely on “intelligent AI models capable of detecting suspicious patterns and delivering real-time warnings over the course of a conversation.”
The AI will look for suspicious patterns in real-time and will accordingly show a scam warning. Users will also get an option to instantly end the conversation and block the person on the other end. Likewise, during calls, the Gemin Nano AI model will look for signs where the caller starts mentioning details such as payments or pending deliveries, and will accordingly alert users with on-screen, audio, and haptic cues.
Thwarting bad callers at each step
These protections are relatively new, but have been built atop foundations that were laid years ago. In 2022, Google revealed that the built-in machine learning system in the Messages app was flagging 1.5 billion spam, phishing and scam messages on a monthly basis.
Of course, the threat landscape is constantly evolving, and to that end, digital swindlers are constantly trying new ways to trick users. Screen-sharing is one of those routes. To block that risk pathway, one-time passwords (OTPs) triggered via SMS and email no longer appear in the contents of a message if screen sharing is active.
So, even if a scammer has screen sharing privilege, they won’t be directly able to glean it from the incoming notification. In fact, any app that generates OTP notifications is invisible to the screen-sharing flow. Likewise, when users are entering sensitive details such as usernames, passwords and credit card numbers, they are also hidden.
Users can further specify if they only want to share the screen of a single app’s activity, giving them an added layer of privacy. Android 15 also introduced advanced cellular protections to protect users against attacks where scammers are using cell site simulators. If the cellular connection is unencrypted, users will be warned that their calls and messages can be intercepted or at risk of snooping.
Calls are, of course, the best way to launch a social engineering attack, and quite often, scammers pose as employees or representatives of a company to establish trust. To counter that route, Google has a verified call system in place that shows a caller’s name and the business logo right on the incoming call screen, alongside a verified badge.
Vigilance in Messages
Just like calls, the Google Messages app will also look for risk signals and warn users about fake job and package delivery scams using machine learning toolkits. “When Google Messages suspects a potential scam text, it will automatically move the message into your spam folder or warn you,” assures the company.
In a similar vein, Verified SMS badges have been a part of the Messages app since 2019, working in tandem with real-time spam detection. Unlike calls, text messages have their own unique risk factors, such as malware packages and URLs.
To protect users, the app will automatically block messages containing a link from suspicious senders and will issue a warning, as well. Since a lot of scammers use throwaway international numbers, the Messages app deals with that threat, as well.
Users now have an option to automatically hide all incoming messages from international senders that are not in their contacts list. Then there’s the risk of identity theft or impersonation attacks, which are on the rise due to AI deepfakes.
Thieves often do a SIM swap on stolen phones and target their contacts. In order to thwart such attacks, Google has developed a contact key verification system that relies on cryptography to ensure that the person you are talking to is indeed your acquaintance.
Phone-based contact key verification (via QR code scanning or number comparison) will ensure that such impersonation attacks can be flagged, at the very least. Of course, it never hurts to create roadblocks even before an online crook engages in their act.
Read the threat, warn the victim
One such proactive strategy unfolds via Call Screen, a feature that lets an AI answer the incoming call on your behalf and inquire the caller about their name and intent, before you even pick it up. The idea is to vet the identity and avert a risky conversation before a scammer even gets a chance to interact with their target.
But let’s say you picked up the call, regardless. Thanks to the built-in AI systems, users will be warned if the scammer tries to goad them into disabling Google Play Protect safeguards for installing malicious apps. Alerts will also be given mid-way through the call if a hustler tells users to sideload an app, or grant accessibility permissions.
Going a step further, the Phone app will warn users to stop screen-sharing if it detects a suspicious pattern during the call. Google says its onboard AI detection systems in the Phone and Messages app have been trained to sniff toll, billing, crypto, finance, gift card, prize, and technical support scams.
Interestingly, the best you get on Apple devices is blocking and reporting spammy texts and calls. There are no user-facing proactive detection and evasion techniques baked at the heart of iOS, or within Apple’s default call and messaging app that comes pre-installed on iPhones.
In a nutshell, if you’re wary of the ever-expanding scope of call and message-driven scams, invest in an Android phone. And while at it, I’d recommend one of Google’s Pixel smartphones to ensure that you get early access to all the safety tools implemented in their best shape.
It’s just odd to see Google taking the lead with Android safety, while iPhones are riding high on a reputation built years ago, but little to show up for it in terms of innovations in recent times.
