New Android Security Feature that Blocks Changing Sensitive Settings During Calls


Google has unveiled a groundbreaking security feature in Android 16 Beta 2 aimed at combating phone scams by blocking users from altering sensitive settings during active phone calls. 

This feature, currently live in the beta version, prevents enabling permissions like sideloading apps and granting accessibility access, both of which are commonly exploited by scammers.

Phone scams have become increasingly sophisticated, often leveraging psychological manipulation to trick victims into granting permissions that enable malware installation. 

A common tactic involves guiding victims over the phone to enable sideloading or accessibility permissions, which allow malicious apps to bypass safeguards and gain control of the device.

Recognizing this vulnerability, Google has introduced “in-call anti-scammer protection” in Android 16. 

Android Authority reports that the system detects when a call is active and blocks attempts to modify these critical settings. If a user tries to enable such permissions during a call, they are met with a warning message.

This proactive measure introduces friction into the scam process, potentially disrupting the scammer’s flow and giving victims time to reconsider their actions.

Key Features of the New Security Measure

Blocking Sideloading Permissions During Calls:

Sideloading, which allows apps to install other apps outside official app stores, is disabled by default for security reasons.

Android 16 now prevents users from enabling this permission while on a call. The feature builds on existing restrictions in Google’s Advanced Protection Mode.

Restricting Accessibility Access:

Accessibility permissions allow apps to read screen content and perform actions on behalf of users—a capability often exploited by malware.

Android 16 blocks granting these permissions during calls, further reducing the risk of unauthorized control.

Warning Prompts:

Users attempting to bypass these restrictions receive clear warnings about potential scams, encouraging them to verify the legitimacy of the caller.

Enhanced Confirmation Mode:

This feature extends protections introduced in Android 15, adding more stringent safeguards against unauthorized access to sensitive settings.
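
An added example, not from Google or the original article: a small Python audit that lists which packages currently hold the two capabilities described above (accessibility access and permission to install other apps), using the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell appops query-op REQUEST_INSTALL_PACKAGES allow`. The sample outputs, the `com.example.remotehelp` package and the `EXPECTED` allowlist are constructed for illustration, and the appops output format (one package per line) is an assumption.

```python
import subprocess
import sys

# Constructed sample outputs for offline use (not captured from a real device).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.remotehelp/com.example.remotehelp.ScreenService")
SAMPLE_INSTALLERS = "com.android.vending\ncom.example.remotehelp\n"

# Hypothetical allowlist of packages expected to hold these capabilities.
EXPECTED = {"com.google.android.marvin.talkback", "com.android.vending"}

def a11y_packages(setting_value):
    """Packages in the colon-separated 'package/class' list of enabled services."""
    value = setting_value.strip()
    if value in ("", "null"):  # 'null' is printed when the setting is unset
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def installer_packages(appops_output):
    """Packages allowed to install other apps (assumed: one package per line)."""
    lines = (line.strip() for line in appops_output.splitlines())
    return {line for line in lines if line and line != "No operations."}

def audit(a11y_raw, installers_raw, expected=EXPECTED):
    """Map each unexpected package to the sensitive capabilities it holds."""
    a11y = a11y_packages(a11y_raw)
    installers = installer_packages(installers_raw)
    findings = {}
    for pkg in sorted((a11y | installers) - set(expected)):
        caps = []
        if pkg in a11y:
            caps.append("accessibility")
        if pkg in installers:
            caps.append("install-unknown-apps")
        findings[pkg] = caps
    return findings

def adb_shell(*args):
    """Run a command on the connected device and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    if "--device" in sys.argv:  # query a connected device instead of the samples
        a11y_raw = adb_shell("settings", "get", "secure", "enabled_accessibility_services")
        inst_raw = adb_shell("appops", "query-op", "REQUEST_INSTALL_PACKAGES", "allow")
    else:
        a11y_raw, inst_raw = SAMPLE_A11Y, SAMPLE_INSTALLERS
    for pkg, caps in audit(a11y_raw, inst_raw).items():
        print(f"{pkg}: {', '.join(caps)}")
```

A package that holds both capabilities and is not on the allowlist is the combination the in-call block is meant to make harder to grant under a caller's instruction.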

Technical Insights and Broader Implications

The new security feature is part of Google’s ongoing efforts to enhance user safety amid rising threats like telephone-oriented attack delivery (TOAD) scams. 

These scams often involve sending fraudulent SMS messages or inducing urgency through phone calls to trick users into installing malware.

By integrating these protections into Android 16 Beta 2, Google aims to reduce fraud cases significantly.

While scammers might still instruct victims to hang up and enable permissions later, the added step introduces enough friction to disrupt their tactics.

Additionally, Android 16 includes broader security enhancements such as protection against intent redirection attacks and improved app compatibility for large-screen devices. 

The anti-scammer protections are currently live in Android 16 Beta 2, available for Pixel devices (Pixel 6 and newer). 

The final release of Android 16 is expected later in Q2 2025. With these features set for public rollout, users can look forward to a safer mobile experience that prioritizes privacy and fraud prevention.

As scams grow more sophisticated with advancements in AI, Google’s new approach marks a significant step toward mitigating risks and empowering users with robust defenses against cyber threats.
