On Android 16, a single click will enable the strongest security and privacy, and most of your day-to-day account activity will not feel different, Google promises. One of the new, long-awaited additions is USB port locking to charging only, preventing thieves or authorities from accessing the data.
Google touts new security improvements that will come with Android 16.
A single click will enable “Advanced Protection,” which will enhance the device and account security. It is aimed to protect against “the most sophisticated threats.”
Cellebrite, Pegasus, and commercial spyware tools are often used by law enforcement or intelligence agencies, including authoritarian regimes, to spy and extract information from smartphones, either remotely or physically. Cellebrite targets USB ports to access data on locked Android or other devices.
“Whether you’re an at-risk individual – such as a journalist, elected official, or public figure – or you just prioritize security, Advanced Protection gives you the ability to activate Google’s strongest security for mobile devices,” Google announced.
A single switch is supposed to make sure that all the highest security features are enabled and can’t be disabled, while also offering a user-friendly and low-friction experience.
What’s on the list?
One of the new features that will come with the Advanced Protection (AP) is an anticipated USB Protection. It will prevent physical attacks attempting to exploit the USB port. If enabled, the feature will default the port to charging only for any new USB connections while the device is locked.
Google has previously announced the “Inactivity Reboot” feature. The AP will activate it, which means the smartphone will automatically restart if locked for 72 hours and enter the mode known as Before First Unlock (BFU), keeping certain data encrypted.
“This process will make user data unreadable until a fresh unlock takes place, ensuring your information remains protected,” Google explains.
The AP will also prevent phones from connecting to 2G networks and disable auto-reconnect to insecure networks. This means that if you use open Wi-Fi, which is known to be insecure, the device will not reconnect to it automatically in the future.
Another new feature is “powerful, privacy-preserving” intrusion logging. If a compromise is ever suspected, it will allow an in-depth security investigation and analysis of the device. Google will store security logs in the cloud using end-to-end encryption, putting users in control.
The AP will ensure that many existing security features cannot be disabled. These include the following:
- Only known apps from pre-loaded apps will be allowed. For selected devices and apps, Memory tagging extensions will also be enabled, which is a powerful feature that prevents apps from corrupting memory.
- Google Play Protect will make sure that built-in malware and unwanted software protection is running.
- Theft Detection will automatically lock the device if it detects suspicious activity.
- An unlocked device will automatically lock itself if it goes offline for prolonged periods.
- Android detects and protects against unwanted and potentially harmful messages and unsafe links. It also automatically screens incoming calls and blocks or declines those identified as spam. Google uses AI for real-time warnings if a phone conversation exhibits patterns indicative of a potential scam.
- Web security will be enhanced by keeping Android Safe Browsing enabled, which safeguards from malicious websites. HTTPS will be enforced, and Chrome will also disable its JavaScript optimizer, reducing potential security exposure.
“Advanced Protection makes security easy and accessible. You don’t need to be a security expert to benefit from enhanced security,” Google said. “With the release of Android 16, users who choose to activate Advanced Protection will gain immediate access to a core suite of enhanced security features.”
However, the new Intrusion Logging, USB protection, and some other security features will become available later this year.
Google already offers account-level Advanced Protection features for journalists, activists, business executives, people involved in elections, and other users “with high visibility and sensitive information from targeted online attacks.” It adds extra safeguards from phishing, malicious downloads, account hijacks, and information theft.
Additional security features announced
Google also introduced a suite of other data security and privacy protections that will harden smartphone users against scams, fraud, impersonation, mobile theft, and other threats in 2025.
The new in-call protections prevent users from taking risky security actions during a call, like disabling Google Play Protect, sideloading apps, or granting permissions that would help hackers gain control and steal data.
“If you’re screen sharing during a phone call, Android will now automatically prompt you to stop sharing at the end of a call.”
Google is also piloting a feature that warns Android 11+ users if they open a banking app while screen sharing with an unknown contact.
Recently launched AI-powered, on-device scam detection now identifies more types of scams, including crypto, toll road, billing fee, tech support, financial impersonation, gift card/prize, and other scams.
Conversational scams might sound innocent at first, but they can turn malicious and lead to financial loss or data theft.
“When Scam Detection discovers a suspicious conversation pattern, it warns you in real-time so you can react before falling victim to a costly scam,” Google explains.
Google Messages also introduced a new tool called Key Verifier, which helps verify the identity of another person you’re messaging with and keeps the conversation encrypted.
To use this feature, users need to verify contact keys in the Google Contacts app through a QR code scanning or number comparison.
“For example, if an attacker gains access to a friend’s phone number and uses it on another device to send you a message – which can happen as a result of a SIM swap attack – their contact's verification status will be marked as no longer verified in the Google Contacts app, suggesting your friend’s account may be compromised or has been changed,” Google explains.
Key Verifier will launch later this summer in Google Messages on Android 10+ devices.
For stronger mobile theft protection, Google launched a feature called Identity Check for Pixel and Samsung devices. It provides an extra layer of security when the PIN or password is compromised. This feature will also be available on supported Android 16 devices.
Google improved Factory Reset safeguards, introduced one-time password hiding on lock screens, and enhanced Remote Lock control with security questions.
The tech giant also makes Play Protect smarter. It will detect apps with misleading or hidden icons and alert users about deceptive behavior.
“Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior. This feature will be available to Google Pixel 6+ and a selection of new devices from other manufacturers in the coming months.
Your email address will not be published. Required fields are markedmarked