{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreifdcrzl56nz7bs4jxvzqu6c4rzbdqjzsfgaxudpamoyyry272uqoe",
"uri": "at://did:plc:awj2q63kg2v3k5xwsjh2uoe3/app.bsky.feed.post/3mlqotpzkdqd2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreidiqzv6mkvstskqxsuuyzuviyythbffzspyxedk2zcpvf5uvkx6wy"
},
"mimeType": "image/jpeg",
"size": 140408
},
"description": "Android has introduced some new protections against scammers and malware, some powered by agentic AI.",
"path": "/news/2026/05/13/android-introduces-new-privacy-and-security-protections-with-a-focus-on-agentic-ai/",
"publishedAt": "2026-05-13T16:09:08.000Z",
"site": "https://www.privacyguides.org",
"tags": [
"introduced",
"USB protection",
"announced",
"security",
"Private Compute Core",
"protected KVM",
"Private AI Compute"
],
"textContent": "Android has introduced some new protections against scammers and malware, some powered by agentic AI.\n\nOne of the main targets of these new protections are bank scams.\n\nScammers often spoof their caller ID to look like they’re from your bank or another trusted business.\n\nWhen a scammer is calling you as your bank, Android can now ask your bank app if it is calling you. If the bank’s app confirms it’s not calling you, Android will end the call.\n\nBanks can now also designate numbers as inbound-only, meaning they’ll never be used to call customers. Any incoming calls from these numbers will also be ended.\n\nSome of the bank apps that will be participating in the new system are Revolut, Itaú and Nubank, with more banks expected in the future.\n\nGoogle is also expanding its live threat detection to analyze app behavior to try and determine if an app is behaving suspiciously.\n\nWhen an app forwards a message to another number with the accessibility overlay, where information is being continuously displayed that ”could be used to trick you into taking an unintended action.”\n\nGoogle calls this “dynamic signal monitoring.” It will monitor for suspicious behaviors an app performs on the system like opening itself in the background, abusing accessibility permissions, or changing its icon.\n\nGoogle says they can also push new rules out to Android phones as new threats emerge.\n\nUSB protection stops attackers from accessing your USB port when your screen is locked. Currently it’s supported on all Pixel devices running Android 16+, with more supported devices coming in the future.\n\nTheir new Intrusion Logging system will “enable persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise.“ They developed the feature in concert with Amnesty International and Reporters Without Borders.\n\nThis feature should allow for more effective investigations when a devices is suspected to be compromised.\n\nAdvanced Protection mode will now also remove accessibility permissions from apps that aren’t labeled as accessibility tools.\n\nAndroid will now be enabling the anti theft protections they announced earlier this year by default as well.\n\nYou’ll be able to grant temporary location permissions to an app while it’s being used.\n\nGoogle has also now confirmed the new contact picker in this announcement, bringing the ability to give apps access to individual contacts instead of your entire contacts list.\n\nApps with the SMS permission will also now have to wait three hours before they can access time-sensitive SMS OTP codes, since malicious apps sometimes steal these codes to get into your sensitive accounts.\n\nGoogle describes Android as moving from an operating system to an “intelligence system.” As such, a lot of agentic AI features are being rolled out, which infamously have huge potential to impact security.\n\nTo combat this, Google has implemented security protections for its Gemini Intelligence features.\n\nFirstly, you can opt-in or out of each feature individually. There are permission screens to allow access to apps.\n\nGoogle is using their Private Compute Core, protected KVM, and for remote AI, Private AI Compute to secure the data processed by both local and remote AI. It’s unclear exactly _what_ features are protected by which features though. For example, their announcement of Private AI Compute only mentioned the Recorder app making use of it.\n\nChrome’s agentic features released for desktop are now coming to Android, bringing the same potential for exploitation. Google says they’ve implemented safeguards, but the language is a bit vague.\n\nOverall, Android 17 is getting some exciting security upgrades, but the agentic future of Android leaves unanswered questions about what data is processed securely and how to protect yourself against prompt injection attacks or even just AI performing actions you didn’t want it to.",
"title": "Android Introduces New Privacy and Security Protections, with a Focus on Agentic AI",
"updatedAt": "2026-05-13T16:09:08.907Z"
}