Android's new safety feature can help detect spyware attacks
What's the story
Google has introduced a new feature called "Intrusion Logging" in Android, aimed at helping security researchers investigate spyware attacks. The feature is part of the Advanced Protection Mode, an opt-in security mode launched by Google last year. The move comes as a response to government-sponsored spyware and police forensic devices that attempt to extract data from personal phones.
Feature
How does Intrusion Logging work?
Intrusion Logging is a unique feature that creates a new type of log, documenting errors and gathering evidence when something goes wrong with the software. The logs are encrypted and stored in the user's Google account in the cloud, preventing potential deletion of evidence by spyware. It records events like phone unlocks, app installations/uninstallations, website/server connections, and connections to Android Debug Bridge (ADB), among others.
Partnership impact
Amnesty International lauds the new feature
Amnesty International, which collaborated with Google to develop Intrusion Logging, called it "a fundamental shift in the amount and quality of forensic data available on Android devices." The organization noted that previous logs weren't very useful for researchers as they were overwritten quickly, effectively erasing potential evidence of attacks. Donncha O Cearbhaill from Amnesty's Security Lab said Android's technical limits have made it difficult to analyze system logs and files for signs of compromise.
Detection improvement
How to enable Intrusion Logging on your Android device
The introduction of Intrusion Logging is expected to improve the detection of spyware attacks on Android devices. Google announced the feature a year ago but is now rolling it out to all devices running the Android 16 December update and newer. However, it should be noted that this feature is only available for Google-made Pixel devices linked with a Google account and requires enabling Advanced Protection Mode.
User concerns
Limitations of the new feature
Despite being a major step forward, Intrusion Logging does have some limitations. It keeps records of browser navigation history and connections, which users may be hesitant to share with investigators. Google says both the Advanced Protection Mode and Intrusion Logging are for people who think they may be at risk of attacks done with spyware and forensic devices.