Google has added a new security mode to the upcoming Android 16 OS — Advanced Protection. In this mode, the smartphone will be able to repel several known types of attacks, such as the interception of calls through unprotected operator networks or the sending of fraudulent messages.
The new protection features come amid ongoing concerns about mobile device security. Reports indicate that the Israeli NSO Group continues to develop and sell tools for hacking smartphones. These tools exploit zero-day vulnerabilities to access contacts, message history, location data, and other private information. Alarmingly, such hacking methods have proven effective even after the release of Google Android and Apple iOS updates.
In response, Google is rolling out the Advanced Protection mode to shield users from these sophisticated threats. When this option is enabled in device settings, it activates a suite of tools designed to block some of the techniques used in complex attacks. However, Google notes that device performance may be affected and certain functions may be disabled. For this reason, the mode is recommended primarily for journalists, government officials, and individuals who may be targeted due to their profession or exposure.
This year, Google’s expanded security suite will include intrusion logging, USB protection, an option to disable automatic reconnection to unsecured networks, and integration with fraud detection features in the Google Phone app. We’ll keep you updated as more integrations become available.
Key Features of Enhanced Protection Mode
The main features of Android’s Advanced Protection include:
-
Blocking 2G network connections, which are vulnerable due to lack of encryption, to prevent voice and text monitoring;
-
Blocking automatic connections to unsecured Wi-Fi, including those using outdated WEP encryption or none at all;
-
Memory Tagging Extension, designed to defend against attacks targeting the memory subsystem;
-
Automatic device lock after prolonged inactivity or disconnection;
-
Automatic device shutdown after extended lock periods, ensuring data becomes unreadable without a proper unlock;
-
Intrusion logging, which records system events in a secure device area to help identify and investigate hacking attempts;
-
JavaScript protection, which disables an optimizer that may be used in certain exploit types.
Apple introduced a similar “Lockdown” mode in iOS back in 2022, reminds NIXSolutions. Both companies aim to reduce potential attack surfaces by disabling non-essential, high-risk features. In some cases, Android’s enhanced protection may operate almost identically to standard mode — much like Apple’s implementation.