Droid Tools

Tag: malicious

  • Android 17 Security Features: Anti-Scam Calls, Theft Protection, and Privacy Controls Explained

    Android 17 Security Features: Anti-Scam Calls, Theft Protection, and Privacy Controls Explained

    Google is significantly raising the security bar for Android devices in 2026 with Android 17. The update delivers a broad sweep of security and privacy improvements targeting some of the most common threats users face today — financial fraud, physical device theft, and invasive app tracking.

    Android 17 tackles phone scams at the call level

    One of the most persistent and costly attack vectors involves caller ID spoofing, where criminals disguise their number to impersonate a legitimate bank. This tactic contributes to nearly $950 million in losses globally every year. Google’s response is verified financial calls.

    android 17 scam protection

    On devices running Android 11 or higher, the system will work silently in the background alongside banking apps like Revolut and Nubank. When an incoming call arrives, Android checks with the bank to confirm whether the call is genuine. If it isn’t, the call is terminated automatically — before the user even has a chance to answer. The scam is blocked at the source rather than after the damage is done.

    Android 17 AI-powered app behavior monitoring

    Android 17 also makes the platform significantly better at identifying malicious apps after they’ve been installed. The updated Live Threat Detection uses on-device AI to continuously monitor how apps behave in practice. If an app begins forwarding SMS messages, attempts to conceal its icon, or tries to launch silently from the background, the system flags the suspicious behavior and alerts the user.

    android 17 app protection

    Chrome on Android gets a new layer of protection as well. At the moment an APK file is downloaded, Chrome will evaluate it against known malware signatures and issue a warning before the file even reaches local storage.

    Stolen phones become far less useful to thieves

    Physical theft isn’t just about losing hardware — the data inside is often worth far more. Android 17 introduces a biometric lock for the “Mark as Lost” feature, meaning a thief who has obtained a user’s passcode still can’t disable tracking or regain access without a fingerprint or face scan.

    android 17 theft protection

    Google is also expanding its default-on theft protection features globally. New and upgraded devices will automatically enable Remote Lock and Theft Detection Lock, which use onboard sensors to detect when a phone has been grabbed and instantly lock the screen in response.

    More granular control over what apps can access

    Privacy permissions are getting more precise with Android 17’s new one-time location sharing. Rather than granting a café app permanent GPS access, users can share their precise location only for the current moment while the app is open — and nothing beyond that.

    android 17 apps acces

    A similar approach is coming to contacts. A new contact picker lets users share only the specific contacts an app needs, rather than handing over full access to the entire address book. Apps get only what’s necessary, nothing more.

    Verifying the integrity of Android itself

    Security also extends to the operating system at its core. Google has observed a rise in unofficial, modified Android builds designed to mimic legitimate software while secretly compromising user data. Android 17 addresses this with Android OS verification, launching initially on Pixel devices.

    android 17 protection

    The feature allows users to confirm that their phone is running an official, widely distributed build of Android. A public, cryptographically verifiable “Source of Truth” ledger provides proof that both the apps and the OS itself are authentic production versions — making it effectively impossible for a fake Android build to hide its intent behind a familiar-looking interface.

    Protecting against future threats

    Looking further ahead, Android 17 includes protections designed for threats that don’t yet exist at scale. OTPs (one-time passwords) will be hidden from malicious apps, closing off another common attack vector. Google also introduced Post-Quantum Cryptography in March, laying the groundwork for encryption that can withstand the computational power of future quantum systems — a forward-looking measure that reflects how seriously Google is treating long-term platform security.

  • Over 42 million downloads: malicious Android apps found on Google Play

    Over 42 million downloads: malicious Android apps found on Google Play

    According to a survey by cloud security firm Zscaler, hundreds of malicious Android apps on Google Play were downloaded over 40 million times between June 2024 and May 2025.

    The company saw a 67% year-over-year increase in malware that targeted mobile devices during that time, with banking trojans and spyware being the most common threats.

    According to telemetry data, threat actors are leveraging phishing, smishing, SIM-swapping, and payment frauds to take advantage of mobile payments instead of traditional card fraud.

    Malicious Android apps found on Google Play

    The shift to social engineering assaults can be explained by the widespread use of mobile payments and enhanced security standards like chip-and-PIN technology.

    According to Zscaler, “to carry out these assaults, fraudsters use phishing trojans and malicious programs designed to steal financial information and login passwords.”

    Zscaler estimates that it has found 239 harmful apps in the official Android store, with a total of 42 million downloads, compared to 200 malware apps on Google Play last year.

    The emergence of adware as the most significant threat in the Android ecosystem, which now accounts for over 69% of all detections—nearly twice as many as the previous year—is another noteworthy trend observed at that time.

    After leading with 38% the previous year, the Joker info-stealer is currently in second position with 23%.

    The SpyNote, SpyLoan, and BadBazaar families—which are used for identity theft, extortion, and surveillance—were the primary drivers of the notable 220% year-over-year (YoY) increase in spyware.

    Geographically speaking, 55% of all attacks were directed towards the United States, Canada, and India. Attacks against Israel and Italy also showed substantial increases, ranging from 800% to 4000% YoY, according to Zscaler.

    Malicious Android apps and malware

    In its annual study, Zscaler identifies three malware families that significantly affected Android users. The first is Anatsa, a banking trojan that occasionally enters Google Play through productivity and utility apps and receives hundreds of thousands of downloads each time.

    Since its discovery in 2020, anatsa has undergone continuous evolution. The most recent version is capable of stealing data from bitcoin sites, more than 831 financial institutions, and new areas like South Korea and Germany.

    The second is Android Void (Vo1d), a backdoor malware that targets Android TV boxes and has infected at least 1.6 million devices with out-of-date Android Open Source Project (AOSP) versions, mostly in Brazil and India.

    Malicious Android apps found on Google Play

    The third is Xnotice, a brand-new Android remote access trojan (RAT) that specifically targets job seekers in the oil and gas sector in Iran and Arabic-speaking areas.

    Xnotice propagates via applications that are disseminated through phony employment websites and pose as tools for registering for exams or applying for jobs.

    Through overlays, multi-factor authentication (MFA) codes, SMS messages, and screenshots, the spyware targets banking credentials.

    Users are encouraged to install security updates, only trust reliable publishers, reject or restrict accessibility permissions, refrain from downloading unnecessary apps, and routinely run Play Protect scans in order to protect themselves from Android malware threats, including those from Google Play.

    Routers continued to be the most targeted IoT equipment this year, according to Zscaler’s study. Hackers added routers to botnets or used them as proxies to spread malware by taking advantage of command injection flaws.

    The majority of IoT attacks took place in the United States, with rising hotbeds in Hong Kong, Germany, India, and China following, suggesting that attackers are targeting devices throughout a larger geographic area.

    The cybersecurity company advises businesses to harden IoT and cellular gateways by keeping an eye out for anomalies and implementing firmware-level protections, as well as to deploy zero-trust solutions for key networks.

    Strict application control guidelines, security against phishing attacks, and monitoring SIM-level communications for anomalies should all be part of mobile endpoint protections.

  • #scam alert! Avoid these scammy apps still listed in Play Store

    #scam alert! Avoid these scammy apps still listed in Play Store

    Around 20 million activity-tracking apps have been downloaded from the Google Play Store, according to software company Dr.Web (via BleepingComputer). What draws Android users to these three tracking applications so much? They advertise themselves as pedometers and health trackers that encourage you to exercise by promising to pay out cash rewards to those who meet specific targets.

    They are still listed in the Google Play Store

    According to the study from Dr.Web, these prizes are frequently impossible to obtain because users must accrue a significant number of awards before being required to view a huge number of ads in order to cash out. Users were instructed to watch more advertisements after they had already seen all of them in order to “speed up” the rewards process. “The applications did not check any of the payment-related data submitted by users, therefore the chances of obtaining any of the money promised from these apps are extremely tiny,” the research claims, despite this.

    Three apps mentioned in the report remain in the Google Play Store. They are:

    • Lucky Step – Walking Tracker with 10 million downloads.
    • WalkingJoy  with 5 million downloads.
    • Lucky Habit: health tracker with 5 million downloads.

    All three apps connect with the same command & control server. Such servers are usually used by attackers to send directions to systems infected by malware. With all three apps communicating with the same remote server, it is apparent that they have the same developer. It is also pointed out that earlier versions of the Lucky Step-Walking Tracker falsely said that users had the option of converting their rewards into gift cards for various online stores.

    Remember, these crooked developers make money when you view their ads. The more ads you watch, the more money they make.

    scam apps

    The mechanism that would convert prizes into cash was eventually deleted from the Lucky Step-Walking Tracker app update, and the interface elements that would need to be tapped to complete this conversion vanished. The prizes that had been accumulated before were now useless.

    One more malicious app that you need to avoid

    A workout program called FitStar that generates a personalized weight-loss plan for 29 rubles was also highlighted in Dr. Web’s report (equivalent to 41 U.S. cents). Nevertheless, individuals who subscribed were unaware that the program they were enrolling in was only valid for one day. Following the trial period, users were automatically renewed for an additional four days of service at 980 rubles ($13.86). The program’s full access cost 7,000 rubles ($98.98), and users’ subscriptions were automatically renewed every four days.

    This app is also still listed in the Google Play Store. Comments for this app note that if you install it, the icon doesn’t show up on your phone’s list of installed apps making it hard to uninstall. The same review also notes that “The app is trying from the start to get into either Facebook or Google data…”

    3badapps 2

    Phishing games

    In the same report, Dr. Web warned that phishing apps disguised as investment apps and games were found on Google Play, measuring over 450,000 downloads.

    The apps connect to a remote server upon launch and receive a configuration instructing them on what to do. Typically, the instructions involve loading phishing pages that request users to enter sensitive details.

    The malicious game apps observed by Dr. Web are the following:

    • Golden Hunt – 100,000 downloads
    • Reflector – 100,000 downloads
    • Seven Golden Wolf blackjack – 100,000 downloads (still on Google Play)
    • Unlimited Score – 50,000 downloads
    • Big Decisions – 50,000 downloads
    • Jewel Sea – 10,000 downloads
    • Lux Fruits Game – 10,000 downloads
    • Lucky Clover – 10,000 downloads
    • King Blitz – 5,000 downloads
    • Lucky Hammer – 1,000 downloads

    If any of the aforementioned phishing apps are already installed on your Android device, you should uninstall them right once. After that, conduct an antivirus scan to find and get rid of any leftovers.

    Google has been questioned regarding the security of the apps that are still available on the Play Store.