Google has introduced a new protective function in Android, aimed at blocking changes in critically important settings during a phone call to counteract fraudulent schemes. This measure is put in place to prevent attackers from persuading victims to manually establish malicious applications.
Users will now be restricted from enabling the installation of applications from unknown sources or providing programs with access to accessibility functions during a phone call. If any attempts are made to change these settings, a notification warning of a potential fraudulent attack will appear, along with recommendations to avoid following suspicious instructions.
This innovation targets techniques such as Telephone-Oriented Attack Delivery (Toaad), where criminals send SMS messages with false information to potential victims, prompting them to call a specified number. During the conversation, fraudsters manipulate users into changing device settings in order to download harmful software.
The new function is currently available in the beta version of Android 16, which was released last week. It complements existing Google restrictions on sensitive permits for manually installed applications.
Google is actively working on developing mechanisms to prevent the installation of potentially dangerous programs, especially in countries with a high cybercrime rate like Brazil, India, Kenya, and the Philippines. In these regions, Android automatically blocks the download of suspicious apk-files.
These safety measures implemented by Google are designed to reduce the occurrence of attacks that utilize social engineering techniques, as well as create additional barriers to the spread of malware through phone calls.