Android 17 Introduces Banking Scam Call Blocking and Enhanced Theft Protection Across Devices
What Happened – Google announced that Android 17, slated for release next month, will add on‑device detection of spoofed banking‑scam calls, expanded “Mark as lost” theft controls, and broader anti‑stalkerware capabilities. The feature initially supports Revolut, Itaú Unibanco, and Nubank and will be back‑ported to Android 11‑plus devices.
Why It Matters for TPRM –
- Reduces the risk of credential theft via phone‑based social engineering targeting financial‑service vendors.
- Strengthens endpoint security for any third‑party mobile app ecosystem that processes payment or personal data.
- Provides a measurable control (call‑blocking, biometric lock) that can be validated in vendor risk assessments.
Who Is Affected – Financial services (digital banks, payments apps), enterprise mobile‑app providers, and end‑users of Android devices worldwide.
Recommended Actions –
- Verify that your banking‑app vendors have integrated Android 17’s call‑verification APIs.
- Update mobile device management (MDM) policies to enforce the new “Mark as lost” biometric lock where supported.
- Incorporate Android 17’s anti‑stalkerware detection into your app‑security testing criteria.
Technical Notes – The OS will query banking apps for an internal list of legitimate caller IDs; mismatches trigger automatic call termination. “Mark as lost” locks the device via biometrics, disables Quick Settings, Wi‑Fi, and Bluetooth, and prevents further tracking resets. Additional protections include Play Protect‑based live threat detection for SMS‑forwarding abuse, hidden accessibility overlays, and malicious background launches.
Source: BleepingComputer