In an effort to enhance user security, Google has unveiled a new feature in Android 16 Beta 2 that prevents users from altering specific settings during active phone calls. This measure aims to thwart scammers who exploit such moments to deceive users into installing malicious software.
Understanding the Threat: Telephone-Oriented Attack Delivery (TOAD)
Scammers employ a tactic known as Telephone-Oriented Attack Delivery (TOAD), where they send SMS messages urging recipients to call a particular number. During the ensuing conversation, the fraudster creates a sense of urgency, persuading the victim to modify device settings to permit the installation of harmful applications. This method has been increasingly used to distribute malware, as highlighted by cybersecurity organizations like NCC Group and Finland’s National Cyber Security Centre (NCSC-FI).
Key Features of the In-Call Protection
The newly introduced security feature in Android 16 Beta 2 focuses on two critical settings:
- Blocking App Installations from Unknown Sources During Calls: Users attempting to enable installations from unknown sources while on a call will receive a warning message stating, “Scammers often request this type of action during phone call conversations, so it’s blocked to protect you.”
- Restricting Accessibility Access Changes During Calls: The system prevents users from granting accessibility permissions to apps during an active call, a common request from scammers aiming to gain control over the device.
How to Experience This Feature
Currently, this security enhancement is available in the Android 16 Beta 2 release. Users interested in exploring this feature can enroll in the Android Beta Program and update their devices accordingly.
Broader Security Initiatives by Google
This development aligns with Google’s ongoing efforts to bolster Android’s security framework. Previously, the company expanded restricted settings to encompass more permission categories, aiming to prevent sideloaded apps from accessing sensitive data. Additionally, Google has implemented measures to automatically block the sideloading of potentially unsafe apps in regions such as Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand, and Vietnam, as part of its strategy to combat fraud.
