Summary
- Android 16 is expected to expand digital protection beyond Android 15’s theft detection features with a new Advanced Protection mode.
- Code strings in a Google Play Services beta hint at a new “Intrusion Detection” feature within the Advanced Protection mode, which will store encrypted logs of device activity (like USB events, browsing history, app installs) on Google Drive for post-intrusion analysis.
- This Intrusion Detection system is an ‘after-the-fact’ tool, likely most beneficial for technically inclined or security-conscious users rather than the average user. Its release timeline with Android 16 is still uncertain.
Google is coming for hackers, scammers, and in general, threat actors’ jugular with Android 16.
After introducing the theft detection suite of features with Android 15, which includes features like Theft Detection Lock and Identity Check, Google wants to expand the digital protection features to more Android devices, and that could happen with Android 16. With the upcoming major update, however, Google is not just porting older safety tools to more devices, it is also working towards introducing a new set of features with Advanced Protection mode.
Related
Pixel’s Identity Check could land on more phones with Android 16
OnePlus 13 users get an early taste
The new suite will encompass several existing safety measures, including download restrictions from unknown sources, Phone and Google Messages scam and spam safeguards, protection against memory bugs and unsafe apps, and more. Now, newly unearthed code strings suggest that the protection mode will also house a completely new security feature. One that will allow users to analyze digital activity logs if an ‘intrusion’ has occurred.
Highlighted by the folks over at Android Authority in a new Google Play Services beta build (version 25.18.31), the aptly-named tool is Intrusion Detection, and it will be an after-the-fact feature, not a preventive one.
Your forensic files remain private
<string name="intrusiondetection_learn_more">Device protection helps keep your device and data safe, but there are some things to know about turning on the protections.</string>
<string name=”intrusiondetection_main_user_warning”>Only the primary user can change this setting</string>
<string name=”intrusiondetection_readonly_pref_1_desc”>Your activity logs will be stored in a private and encrypted Google Drive. These logs can be used for forensic analysis in cases of suspicious activity.</string>
<string name=”intrusiondetection_readonly_pref_1_title”>Intrusion detection</string>
<string name=”intrusiondetection_readonly_pref_2_desc”>You are agreeing to E2EE log collection, such events as USB events, network info such as browsing history, app installs, Bluetooth connections, lockscreen info, and wifi. Only you are able to decrypt this data with your account password and device lock screen.</string>
<string name=”intrusiondetection_readonly_pref_2_title”>Log collection</string>
<string name=”intrusiondetection_resources_card_desc”>This Google Account will be used to encrypt your logs. Be sure you are selecting the right account.</string>
<string name=”intrusiondetection_resources_card_title”>Google Account</string>
<string name=”intrusiondetection_switch_title”>Activate Intrusion Detection</string>
<string name=”intrusiondetection_title”>Setup Advanced Protection</string>
Strings suggest that the feature, if enabled, will store your device and account(s)’ activity logs in an encrypted Google Drive folder. These logs can then be used for “forensic analysis in cases of suspicious activity.”
Activity logs can include information about USB events, network information, browsing history, app installs, Bluetooth connections, lock screen information, and information about Wi-Fi. “Only you are able to decrypt this data with your account password and device lock screen,” suggest the strings. I can see the feature being useful for users working in sensitive fields, or those who are technically inclined or security-conscious. For the regular user, though, the feature’s benefits might be less immediately apparent.
Instead of being its own standalone feature, strings suggest that Intrusion Detection will be part of Android 16’s Advanced Protection Mode. Whether it will make its way to users with the initial stable release, or with subsequent quarterly updates, remains to be seen.
Related
Android 16’s Advanced Protection mode is almost ready for prime time
The feature has been in the works for a while
