Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress.
Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority.
Users who attempt to do so during phone calls are served the message: “Scammers often request this type of action during phone call conversations, so it’s blocked to protect you,” If you are being guided to take this action by someone you don’t know, it might be a scam.”
Furthermore, it blocks users from giving an app access to accessibility over the course of a phone call.
The feature is currently live in Android 16 Beta 2, which was released earlier this week. With this latest addition, the idea is to introduce more friction to a tactic that has been commonly abused by malicious actors to deliver malware.
Dubbed telephone-oriented attack delivery (TOAD), these approaches involve sending SMS messages to prospective targets and instructing them to call a number by inducing a false sense of urgency.
Last year, NCC Group and Finland’s National Cyber Security Centre (NCSC-FI) disclosed that cybercriminals were distributing dropper apps using a combination of SMS messages and phone calls to trick them into installing malware such as Vultr.
The development comes after Google expanded restricted settings to cover more permission categories in order to prevent sideloaded apps from accessing sensitive data.
It has also rolled out the ability to automatically block sideloading of potentially unsafe apps in markets like Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand, and Vietnam to tackle fraud.
