Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
I’ve been covering it spam calls for years, so when Google he gave me a lot of new information Android feature designed to detect and make bad calls, I was ready to hear more. What I didn’t expect from the show was hearing my voice.
“I’m excited to ask you today about this new fake phone detection feature! I heard myself say, as the picture I’ve been using publicly for years appeared on the monitor. The caller’s name was “Lily.” Unfortunately, I’ve lost my wallet and I’m stuck. Any chance I could get an Uber to the interview?”
As my disembodied voice began to ask me softly, a pop-up appeared as a static computer screen: “This can’t be Lily. Maybe someone is pretending to call your number.”
For Android phones that call each other, the new feature checks digital credentials and flags and pop-up alerts if the call is not from the phone you’re connected to and could be a scam. When the display shows the call as a hoax, it immediately removes the contact image on the back of the phone to emphasize the depth of what is happening (not shown in the demo that Google made for WIRED). And the feature also changes the entry in the current log of the Android phone to “Unknown Caller” instead of showing the contact name.
Spam calls have been an epidemic for years, and the threat has only grown as attackers begin to incorporate AI speech recognition tools into their attacks – making it possible to reliably impersonate a victim’s acquaintance, or family member, in real time. And when a push for many years it has helped to identify routine callers, it has not solved the problem, and not all spam calls are recorded. Phones that still fall through the cracks become more difficult as attackers focus their attention on spoofing – making it look like their call is from a number you trust, or recognize, then using AI tools to sound like the person you expect when you call.
With these types of scams and attacks on the rise, Dave Kleidermacher, vice president of security and privacy at Android, and Eugene Liderman, director of privacy protection at Android, say there was a real desire within Google to improve victim protection. And he emphasized that while the obvious approach is to try to fight fire with fire—using AI tools to help identify voice clones in calls—this approach alone is not enough. It can have false positives and false negatives, but it can also feed an arms race between attackers and defenders.
“We’re always looking to see if there’s a proven, high-confidence solution that we can do,” says Kleidermacher.
The app is built on the RCS interface and baked into the Google Dialer. Starting today, it will start rolling out updates for all Android phones running Android 12 (from 2021) and later. This system uses RCS to link your phone number with your actual smartphone. When you call another Android user, your device sends what Kleidermacher describes as a “virtual background authentication signal” to the other person’s device to verify the authenticity of your call. If hardware-based authentication is missing, Google Dialer will make the call.
“If you’re calling me and we’re within range of each other, and we’re both using a Google dialer that has this capability, then I’ll always know if it’s you,” says Kleidermacher. “If someone tries to call me through a VoIP unit or other system and messes up your phone number with your voice, the Caller will say it’s not you.”
