Google has started rolling out a new optional security feature for Android users called “Intrusion Logging,” aimed at helping cybersecurity experts and investigators detect spyware-related attacks on devices.
The feature is part of Android’s Advanced Protection Mode, a security-focused setting introduced by Google last year to strengthen device protection against sophisticated hacking attempts. The mode was specifically designed to defend users from government-grade spyware and forensic tools used by law enforcement agencies to extract private information from smartphones.
In some documented cases, both forensic tools and spyware have reportedly been used together. Authorities in Serbia, for instance, allegedly used a forensic unlocking tool developed by Cellebrite to gain access to a device before installing spyware for continued surveillance.
With Intrusion Logging, Google is introducing a dedicated logging system that records security-related activities and unusual software behavior. The feature is considered significant because it gives researchers better visibility into possible spyware infections and intrusion attempts on Android devices.
Amnesty International, which collaborated with Google on the project, described Intrusion Logging as “a fundamental shift in the amount and quality of forensic data available on Android devices.”
“Until now, forensic analysis has relied on logs that were never designed for intrusion detection,” Amnesty wrote in a detailed blog post explaining the feature. Earlier logging systems were limited because data was often overwritten quickly, making it difficult for researchers to trace evidence of attacks.
Donncha Ó Cearbhaill, head of Amnesty’s Security Lab, also highlighted the challenges investigators previously faced with Android systems. He said Android’s technical limitations “have made it difficult to deeply analyze system logs and files for signs of compromise, unlike with iOS.”
“These limits have meant we’ve been unable to reliably detect known attacks against Android,” added Ó Cearbhaill, who has investigated spyware abuse cases globally for several years.
Google first announced Intrusion Logging nearly a year ago and has now begun officially deploying it. According to a recent Google blog post, the feature “is currently rolling out to all devices running the Android 16 December update and newer.”
How the Intrusion Logging Feature Works
The feature records and stores security-related system events that may indicate suspicious activity or device compromise. Logs are generated daily and securely backed up in encrypted form to the user’s Google account. This cloud-based storage method is intended to stop spyware from erasing evidence from the device itself.
Google says the logs remain encrypted and can only be accessed or shared by the device owner, meaning even Google cannot read them.
Intrusion Logging tracks several activities, including device unlock events, app installations and removals, website and server connections, and any use of Android Debug Bridge (ADB), a tool commonly used to connect Android devices to computers or to forensic systems such as Cellebrite's.
The system can also identify attempts to delete logs, which could suggest efforts to hide traces of an attack.
Cybersecurity researchers believe the logs could help determine whether a phone was forcibly unlocked, connected to forensic extraction tools, or infected with spyware or stalkerware. The data may also reveal if the device interacted with malicious websites or servers designed to steal information.
However, the feature currently comes with certain limitations. Users must enable Advanced Protection Mode, install the latest Android software, and use a compatible Google Pixel device linked to a Google account.
Additionally, because the logs include browsing history and connection records, some users may have concerns about sharing sensitive information with investigators.
Google says Advanced Protection Mode and Intrusion Logging are particularly useful for individuals at higher risk of surveillance, including journalists, activists, dissidents, and human rights defenders.
The feature has similarities to Apple’s Lockdown Mode, which was introduced for users vulnerable to spyware attacks. Apple previously stated that it had not detected any successful spyware breaches on devices with Lockdown Mode enabled. In 2023, researchers at Citizen Lab also reported that Lockdown Mode blocked an attempted spyware infection linked to NSO Group.
Amnesty International has also published detailed instructions explaining how users can download and review Intrusion Logging data if they suspect they have been targeted by spyware.
Over the years, companies including Apple, Google, and Meta have regularly issued threat notifications to users believed to be targets of spyware campaigns, helping researchers uncover and investigate cases of digital surveillance.