SecurityWeek
Malware & Threats
Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware
Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants.
May 14, 2025
Google is baking its most aggressive security settings yet into Android 16, rolling out an ‘Advanced Protection’ mode aimed at blocking mobile malware exploits from commercial spyware vendors and scammers.
The setting, which resembles Apple’s iOS Lockdown Mode, bundles multiple safeguards under a single toggle and is aimed at journalists, officials and other high-risk users who have become prime targets for mobile malware implants.
Once enabled, Google said the new Advanced Protection will enforce mandatory Verified Boot, exploit-mitigating Memory Tagging, automatic blocking of risky USB connections and 2G-only networks, and a blanket ban on sideloading or disabling Play Protect while the phone is in use.
A major feature is Intrusion Logging, an encrypted, tamper-proof log vault that Google is positioning to incident-response teams as a tool to reconstruct what happened if spyware does slip through, solving a forensic blind spot that has long frustrated investigators.
“Once a user turns on Advanced Protection, the system prevents accidental or malicious disablement of the individual security features under the Advanced Protection umbrella. This reflects a “defense-in-depth” strategy, where multiple security layers work together,” Google explained.
The tech giant said Advanced Protection will also incorporate third-party applications that choose to integrate in the future.
The Advanced Protection suite also includes theft-detection auto-locking, an offline device lock, safe browsing features from Chrome, Javascript protections, AI-powered automatic call screening, and scam detection for Phone by Google.
Advanced Protection ships with Android 16 this fall and Google plans to add Intrusion Logging, USB protection, the option to disable auto-reconnect to insecure networks, and integration with Scam Detection for Phone by Google later this year.
Advertisement. Scroll to continue reading.
The new Android security tooling comes as Google’s own threat-intel team counted 75 in-the-wild zero-days last year, many weaponized by surveillance vendors and later repurposed by state hackers.
Apple’s Lockdown Mode was the first mainstream answer to that threat, shutting off attack-prone services on iPhones and iPads; Android’s move brings parity for hundreds of millions of users outside Apple’s ecosystem.
Related: Can ‘Lockdown Mode’ Solve Apple’s Mercenary Spyware Problem?
Related: Apple Adds ‘Lockdown Mode’ to Thwart .Gov Mercenary Spyware
Related: Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks
Related: Google: NSO Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’
Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation
Written ByRyan Naraine
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Adobe Patches Big Batch of Critical-Severity Software Flaws
- Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday
- Orca Snaps Up Opus in Cloud Security Automation Push
- Apple Patches Major Security Flaws in iOS, macOS Platforms
- New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA
- White House Proposal Slashes Half-Billion From CISA Budget
- Tech Giants Propose Standard For End-of-Life Security Disclosures
- JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference
Latest News
- Google Warns UK Retailer Hackers Now Targeting US
- In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach
- From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth
- Russian APT Exploiting Mail Servers Against Government, Defense Organizations
- FBI Warns of Deepfake Messages Impersonating Senior Officials
- Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025
- Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List
- Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data
Trending
SecurityWeek Analysis: 178 Cybersecurity M&A Deals Announced in First Half of 2024
Australian Human Rights Commission Discloses Data Breach
Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025
Production at Steelmaker Nucor Disrupted by Cyberattack
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List
Chinese Hackers Hit Drone Sector in Supply Chain Attacks
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data
Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.Register
Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM
May 29, 2025
Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.Register
People on the Move
Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.
Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.
Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.
Expert Insights
Is AI Use in the Workplace Out of Control?
Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore. (Alastair Paterson)
Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments
CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams. (Marc Solomon)
Rising Tides: Kelley Misata on Bringing Cybersecurity to Nonprofits
Sightline Security’s founder explains why nonprofits need cybersecurity solutions tailored to their unique missions — and why vendors need to listen. (Jennifer Leggio)
Applying the OODA Loop to Solve the Shadow AI Problem
By taking immediate actions, organizations can ensure that shadow AI is prevented and used constructively where possible. (Etay Maor)
Year of the Twin Dragons: Developers Must Slay the Complexity and Security Issues of AI Coding Tools
The advantages AI tools deliver in speed and efficiency are impossible for developers to resist. But the complexity and risk created by AI-generated code can’t be ignored. (Matias Madou)
Popular Topics
Security Community
Stay Intouch
About SecurityWeek
News Tips
Got a confidential news tip? We want to hear from you.Submit Tip
Advertising
Reach a large audience of enterprise cybersecurity professionals Contact Us
Daily Briefing Newsletter
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Copyright © 2025 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
R.M.P Marotta Long Island 
Leave a comment