Android Introduces New Privacy and Security Protections, with a Focus on Agentic AI

Android has introduced some new protections against scammers and malware, some powered by agentic AI.

One of the main targets of these new protections are bank scams.

Scammers often spoof their caller ID to look like they’re from your bank or another trusted business.

When a scammer is calling you as your bank, Android can now ask your bank app if it is calling you. If the bank’s app confirms it’s not calling you, Android will end the call.

Banks can now also designate numbers as inbound-only, meaning they’ll never be used to call customers. Any incoming calls from these numbers will also be ended.

Some of the bank apps that will be participating in the new system are Revolut, Itaú and Nubank, with more banks expected in the future.

Google is also expanding its live threat detection to analyze app behavior to try and determine if an app is behaving suspiciously.

When an app forwards a message to another number with the accessibility overlay, where information is being continuously displayed that ”could be used to trick you into taking an unintended action.”

Google calls this “dynamic signal monitoring.” It will monitor for suspicious behaviors an app performs on the system like opening itself in the background, abusing accessibility permissions, or changing its icon.

Google says they can also push new rules out to Android phones as new threats emerge.

USB protection stops attackers from accessing your USB port when your screen is locked. Currently it’s supported on all Pixel devices running Android 16+, with more supported devices coming in the future.

Their new Intrusion Logging system will “enable persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise.“ They developed the feature in concert with Amnesty International and Reporters Without Borders.

This feature should allow for more effective investigations when a devices is suspected to be compromised.

Advanced Protection mode will now also remove accessibility permissions from apps that aren’t labeled as accessibility tools.

Android will now be enabling the anti theft protections they announced earlier this year by default as well.

You’ll be able to grant temporary location permissions to an app while it’s being used.

Google has also now confirmed the new contact picker in this announcement, bringing the ability to give apps access to individual contacts instead of your entire contacts list.

Apps with the SMS permission will also now have to wait three hours before they can access time-sensitive SMS OTP codes, since malicious apps sometimes steal these codes to get into your sensitive accounts.

Google describes Android as moving from an operating system to an “intelligence system.” As such, a lot of agentic AI features are being rolled out, which infamously have huge potential to impact security.

To combat this, Google has implemented security protections for its Gemini Intelligence features.

Firstly, you can opt-in or out of each feature individually. There are permission screens to allow access to apps.

Google is using their Private Compute Core, protected KVM, and for remote AI, Private AI Compute to secure the data processed by both local and remote AI. It’s unclear exactly what features are protected by which features though. For example, their announcement of Private AI Compute only mentioned the Recorder app making use of it.

Chrome’s agentic features released for desktop are now coming to Android, bringing the same potential for exploitation. Google says they’ve implemented safeguards, but the language is a bit vague.

Overall, Android 17 is getting some exciting security upgrades, but the agentic future of Android leaves unanswered questions about what data is processed securely and how to protect yourself against prompt injection attacks or even just AI performing actions you didn’t want it to.