Android Bolsters Security with Intrusion Logging and Enhanced Privacy Features
**Google** is enhancing **Android's** security posture with the introduction of Intrusion Logging, a new opt-in feature designed to aid in the forensic analysis of sophisticated spyware attacks. This, along with a suite of other privacy and security improvements, aims to provide users with greater control and protection against emerging threats.

### Intrusion Logging: A Deep Dive
**Google** has unveiled a new opt-in **Android** feature called **Intrusion Logging** for storing forensic logs to better analyze sophisticated spyware attacks. Available as part of **Advanced Protection Mode**, it enables "persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise."
The feature, developed in partnership with **Amnesty International** and **Reporters Without Borders**, logs device and network activities on a daily basis. This includes:
* App activity (e.g., when an app process starts)
* App installations, updates, and uninstalls
* Network connections, such as Wi-Fi and Bluetooth starting and stopping, DNS lookups, and IP addresses
* File transfers to or from the device over USB
* Changes to system certificates
* When the device is locked or unlocked
Crucially, the log data is end-to-end encrypted and stored on **Google** servers, secured by the user's **Google** Account password and screen lock credentials. This prevents unauthorized access, even from **Google** itself. The encrypted logs are stored for 12 months before automatic deletion. Users can download the logs for longer retention, but **Google** emphasizes that users are then responsible for securing the downloaded copies.
**Intrusion Logging** also records network events from **Chrome** Incognito browsing, including DNS lookups and IP connections. Decrypted logs could therefore reveal which websites were visited, though not the specific pages.
The primary goal is to allow high-risk individuals, potentially targeted by advanced surveillance tools, to share activity logs with trusted security experts for detailed analysis.
To access the logs, users can navigate to Settings -> Security & privacy -> Advanced Protection -> Intrusion Logging -> Access logs. This feature is rolling out to devices running the **Android** 16 December update and newer.
**Donncha Ó Cearbhaill**, head of Security Lab at **Amnesty International**, stated that **Google** is the first major vendor to proactively address the challenge of detecting advanced attacks on devices with Intrusion Logging.

### Additional Privacy and Security Enhancements
**Google** is also introducing several other privacy and security improvements:
* **Verified Financial Calls:** Protects against scammers impersonating banks by verifying calls with the bank's online banking app. Calls not verified are automatically terminated. This feature is expected to launch on **Android** 11+ devices with **Revolut**, **Itaú**, and **Nubank** initially.
* Expanding **Live Threat Detection** to warn about suspicious app behavior, including SMS forwarding and accessibility overlays used by **Android** banking trojans.
* Evaluating downloaded APK files via **Chrome** for known malware before installation when Safe Browsing is enabled.
* Restricting accessibility services API access to apps genuinely labeled as accessibility tools.
* Disabling device-to-device unlocking and **Chrome** WebGPU support.
* Adding scam detection for chat notifications.
* Enhancing **Find Hub's** Mark as lost feature with biometric lock, preventing thieves from disabling device tracking.
* Limiting PIN/password guess attempts and increasing wait times between failures.
* Improving device recovery by making the IMEI number accessible on the lock screen (**Android** 12+).
* Enhancing privacy controls for precise location sharing and contact access.
* Introducing AISeal with pKVM for hardware-backed, on-device isolation of AI data processing.
* Expanding **Binary Transparency in Android** for integrity verification of official builds and a public ledger for authentic **Google** apps and foundational GMS APIs.
* Hiding SMS one-time passwords (OTPs) from most apps for three hours to prevent OTP theft.
* Enabling carriers to disable 2G by default to mitigate legacy technology vulnerabilities.
* Hardening data protection with post-quantum cryptography.
* Incorporating explicit user controls for opting in/out of Gemini features on **Android**.
**Eugene Liderman**, director of **Android** security and privacy, emphasized that these improvements ensure **Android** remains the most secure platform.