Android 16 is getting a built-in spy detector
Google is working on a new Intrusion Detection feature for Android 16, a security enhancement that keeps a private, encrypted log of system and network activities to help users identify suspicious activity on their devices.
An APK teardown of the Google Play Services app (version 25.18.31) by Android Authority revealed several strings related to this feature, which is expected to be part of Android 16’s Advanced Protection Mode:
<string name=”intrusiondetection_learn_more”>Device protection helps keep your device and data safe, but there are some things to know about turning on the protections.</string>
<string name=”intrusiondetection_main_user_warning”>Only the primary user can change this setting</string>
<string name=”intrusiondetection_readonly_pref_1_desc”>Your activity logs will be stored in a private and encrypted Google Drive. This logs can be used for forensic analysis in cases of suspicious activity.</string>
<string name=”intrusiondetection_readonly_pref_1_title”>Intrusion detection</string>
<string name=”intrusiondetection_readonly_pref_2_desc”>You are agreeing to E2EE log collection, such events as USB events, network info such as browsing history, app installs, Bluetooth connections, lockscreen info, and wifi. Only you are able to decrypt this data with your account password and device lock screen.</string>
<string name=”intrusiondetection_readonly_pref_2_title”>Log collection</string>
<string name=”intrusiondetection_resources_card_desc”>This Google Account will be used to encrypt your logs. Be sure you are selecting the right account.</string>
<string name=”intrusiondetection_resources_card_title”>Google Account</string>
<string name=”intrusiondetection_switch_title”>Activate Intrusion Detection</string>
<string name=”intrusiondetection_title”>Setup Advanced Protection</string>
The Intrusion Detection system logs various activities, including USB events, app installs, Bluetooth connections, lock screen information, Wi-Fi connections, and browsing history. These logs are stored on a “private and encrypted” Google Drive, with end-to-end encryption ensuring that only the user can decrypt the log using their Google account password and device lock screen.
The feature is designed to provide users with a tool to analyze their device’s activity in case of suspicious behavior, potentially making it easier to detect unauthorized access or malicious activity. This could be particularly useful for individuals working in sensitive fields or those concerned about device security.
Previous discoveries of related strings in Android 16 suggest that Intrusion Detection might be exclusive to this version and not available on older Android versions. The connection to Advanced Protection Mode further supports this, indicating that Intrusion Detection is a key component of Android 16’s enhanced security features.