Bank impersonation is a popular scam tactic, and one I’ve written about a lot. Fraudsters prey on people’s fear, confusion, and desire to protect their money, which may lead targets to hand over login credentials, make irreversible wire transfers, or provide other sensitive information without stopping to question their actions.
Android users in the U.S. will soon have extra protection against scams targeting their financial apps, preventing threat actors impersonating bank representatives from accessing data on their devices. Google’s in-call scam protection is designed to prevent users from sharing their screens with threat actors and help them avoid revealing their banking information.
How Android in-call protection works
Android’s scam protection kicks in if you are on a phone call with a number not saved in your contacts and attempt to open a participating financial app. You’ll get a pop-up warning that the call is likely a scam with a reminder not to make payments or share personal information and a button to end the call (and stop screen sharing). There’s also a 30-second delay on further action on your device, which Google says is designed to disrupt any sense of urgency.
Note that financial institutions must opt into in this feature—at this time, Google has specifically named Cash App and JPMorganChase as partners, though it indicates expansion to other popular fintechs and banks.
What do you think so far?
Google initially rolled out in-call protections for banking apps to UK users earlier this year as part of a larger package of security features announced ahead of Google I/O. That launch also included real-time scam detection alerts for calls and texts, improved theft protection via remote lock and identity check, key verifier for Google Messages, and device-level Advanced Protection (in addition to account-level settings).
Alongside the US pilot, in-call scam protections will now cover most major banks in the UK as well as financial apps in Brazil and India.
