Date: 2023-12-11

No matter how technologically savvy you are, you’re not immune to phishing. Phishing, for those of you who aren’t aware, is a type of cyberattack that hackers employ to get users to hand over their sensitive information. Phishing attacks can get really sophisticated, which is why it’s important to always be vigilant and double-check that the app or website you’re entering your credentials into is legitimate. To better protect regular users from phishing attacks on Android, Google seems to be preparing a new feature that will automatically detect if apps are fishy.

While digging through the new Android 14 QPR2 Beta 2 release, I managed to surface a hidden “scanning for deceptive apps” page under Settings → Security & privacy → More security & privacy. Once enabled, this feature will apparently check “app activity for phishing or other deceptive behavior.” This will apparently be done by scanning the app for certain signs of deceptive behavior. Google says that “scanning runs privately right on your device” and that if phishing or other deceptive behavior is found, “some app info is sent to Google Play Protect to confirm the threat and warn app users.”

"Scanning for deceptive apps" under Settings → Security & privacy → More security & privacy

Exact details on how Android will detect deceptive apps remain murky given that Google hasn’t announced or shared any documentation on this feature. A cursory glance at Android 14 QPR2’s decompiled source code reveals a new system service called “ContentProtection” that seems like it will try to detect when an app is showing a password field (it checks for common password-related strings like "password", "pass word", and "code") or asking the user for related things, like "user" (for username), "mail" (for email), "phone", "number", "login", "log in", and "sign in". Android seems to be using a blocklist to ensure that this mechanism isn’t employed on certain apps, and it also seems to check whether an app is a system app and whether it requests the Internet permission.
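
A sketch of the kind of keyword heuristic described above, added here as an illustration and not taken from Android's ContentProtection code: the keyword lists are the ones quoted in the article, while the `App` fields, the direction of the gating checks and the rule that both keyword groups must match are assumptions. The constructed checkout screen shows how noisy a bare substring match is; the article notes that findings are sent to Google Play Protect to confirm the threat.

```python
from dataclasses import dataclass

# Keyword lists quoted in the article; the matching rules below are assumptions.
PASSWORD_KEYWORDS = ("password", "pass word", "code")
RELATED_KEYWORDS = ("user", "mail", "phone", "number", "login", "log in", "sign in")


@dataclass(frozen=True)
class App:
    """Constructed stand-in for package metadata (hypothetical fields)."""
    package: str
    is_system: bool
    requests_internet: bool


def is_eligible(app, blocklist):
    """Assumed gating: skip blocklisted apps, system apps, and apps that
    do not request the Internet permission."""
    return (app.package not in blocklist
            and not app.is_system
            and app.requests_internet)


def matched(texts, keywords):
    """Return the keywords found, case-insensitively, as substrings of any text."""
    lowered = [t.lower() for t in texts if t]
    return sorted({k for k in keywords if any(k in t for t in lowered)})


def scan_screen(app, texts, blocklist=frozenset()):
    """Classify one screen's visible labels and hints. Requiring a hit in both
    keyword groups is an assumption, not something the article confirms."""
    if not is_eligible(app, blocklist):
        return {"scanned": False, "password": [], "related": [], "flag": False}
    pw = matched(texts, PASSWORD_KEYWORDS)
    rel = matched(texts, RELATED_KEYWORDS)
    return {"scanned": True, "password": pw, "related": rel,
            "flag": bool(pw) and bool(rel)}


# Constructed sample screens (not real app data).
LOGIN = ["Sign in to your account", "Email", "Password"]
CHECKOUT = ["Promo code", "Order number", "Place order"]  # benign, still matches
NEWS = ["Top stories", "Weather", "Sports"]
```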

Android’s upcoming anti-phishing measure joins other real-time security features recently implemented by Google Play Protect. Given how quickly malware evolves to evade detection, it remains to be seen whether Android’s built-in feature will be useful. Still, any feature that improves security is welcome, and we hope that this feature can save at least a couple of users from handing over their login credentials to a malicious third party.