12 new security features coming to Android phones in 2026

Google has taken to The Android Show I/O Edition to drop a barrage of very important announcements, including a whole new category of laptops called Googlebooks, a new agentic AI approach for smartphones with Gemini Intelligence, multiple new Android Auto features, and more. Among the announcements, Google also detailed several new and previously known Android security features that users can expect to roll out this year.

In light of the evolving threat landscape and the increasingly sophisticated tricks bad actors use to trap Android users, Google is making some welcome updates to existing Android features, including scam call protection, Live Threat Detection, Theft Protection, and others. Many of these features will roll out with Android 17. Here’s everything Google has announced and when you can expect to get it on your Android devices.

New security features for Android

1. Android will automatically end spoofed banking scam calls

Google is introducing verified financial calls to Android, a feature we first spotted in an APK teardown back in April. The new anti-scam tool is designed to stop callers from impersonating banks and financial institutions. If Android detects that a call claiming to come from your bank is fake, the system will automatically end that call even before the scammer can get through.

The feature works by checking with supported banking apps installed on your phone to verify whether the institution is actually calling you. Google says the rollout will begin on Android 11 and newer devices in the coming weeks, with support from banks including Revolut, Itaú, and Nubank to begin with.

2. Live Threat Detection is getting smarter

Google is expanding Android’s AI-powered Live Threat Detection feature with new protections against suspicious app behavior. Android will now warn users about apps that secretly forward SMS messages and abuse accessibility permissions.

Android 17 will also introduce “dynamic signal monitoring,” a feature that will allow Google to flag apps that hide their icons before launching malicious activity in the background. Google says dynamic signal monitoring will also allow it to push new threat-detection rules in real time to better combat emerging malware techniques. It will start rolling out in the second half of the year on select devices.

3. Chrome on Android will scan APK downloads for malware

Chrome on Android is getting an additional layer of protection against harmful APK downloads. The feature was previously spotted in Chrome Canary for Android. If Safe Browsing is enabled, Chrome will evaluate APK files for known malware before they are downloaded. This could protect users by potentially preventing malicious apps from being installed.

4. Advanced Protection is expanding significantly

Google is adding several new safeguards to Android’s Advanced Protection mode in Android 17. These include:

• Blocking accessibility service access for apps that are not accessibility tools. This is something Google already rolled out with Android 17 Beta 2.
• Disabling device-to-device unlocking.
• Disabling Chrome WebGPU support. We spotted this option within Android’s Advanced Protection Mode earlier this month.
• Adding scam detection for chat notifications.
• Adding Android Enterprise support later this year for managed devices (coming later this year).

Google also confirmed that USB protection is now available on all Pixel devices running Android 16 and newer, and will be coming to more Android devices soon.

5. Mark as lost now adds biometric protection

Android’s “Mark as lost” feature in the Find Hub is becoming more powerful in Android 17. Once enabled, users can set their devices to require biometric authentication to regain access. That means even if someone knows your PIN or password, they won’t be able to access your device without your fingerprint or face if you mark it as lost.

Moreover, Google says that triggering Mark as lost will now also disable new Wi-Fi and Bluetooth connections while hiding the Quick Settings menu.

6. Theft protections are becoming the default-on

Following a pilot in Brazil, Google says it’s expanding default-enabled theft protection features globally. On Android 17 devices, Remote Lock and Theft Detection Lock will automatically turn on by default after setup, reset, or upgrade.

Google is also extending these protections to Android 10 and newer devices in countries including Argentina, Chile, Colombia, Mexico, and the UK due to high demand.

7. Android is making PIN guessing attacks harder

Google says Android 17 will limit the number of failed PIN or password attempts attackers can make. It’s unclear whether this limit is different from what Google announced earlier this year. The company says Android 17 will also add longer delays between attempts and improve how lock screen information is shown after repeated failures.

8. You’ll be able to temporarily share your precise location

With Android 17, Google is also introducing a new, temporary precise location-sharing button. So instead of granting permanent location access to an app or service, you’ll be able to allow access to your precise location only while the app is actively open.

Google says this is designed for quick tasks like finding nearby businesses without giving apps continuous background access. The feature is already available on Android 17 Beta 3.

9. Android is improving location transparency

Similar to Android’s camera and microphone indicators, Android 17 will show a more visible location usage indicator whenever apps access your location. This feature, first spotted in Android 16 QPR3, lets you tap the indicator to see which apps have recently used location access and manage permissions immediately.

10. Apps will get more limited access to your contacts

Google is launching a new contact picker that lets apps request access only to specific contacts instead of an entire address book. Apps can also request access only to certain contact fields, and that access will be temporary. This is something we first spotted last November, and Google recently made it official in March this year.

11. Android 17 will verify whether your OS build is legitimate

Google is introducing Android OS verification to help users confirm whether their device is running an official Android build. Launching first on Pixel phones, the feature is meant to combat modified Android versions that appear legitimate while secretly compromising security.

Google is also introducing a public append-only ledger that cryptographically verifies official Google apps and GMS APIs.

12. Android is protecting OTPs and preparing for post-quantum threats

Android will now automatically hide one-time passwords from most apps for three hours to prevent malicious apps from stealing authentication codes. The feature has already rolled out in Android 17 Beta 2 and should reach users more widely with the stable release.

As announced back in March, Android 17 is also adding support for Post-Quantum Cryptography and improved 2G network protections, allowing carriers to disable 2G by default in areas where the technology is no longer maintained.