Google's June Android feature drop includes more scam detection, more AirDrop, and yes, more AI.
See full article...
See full article...
Google announces deepfake call detection for Android, new AirDrop device support
- Thread starter JournalBot
- Start date
Upvote
44
(44
/
0)
From a brief look at the article it appears that this works by your phone asking the device purportedly belonging to the caller if they did in fact make the call. So it's authentication at the device level, not at the network level.
Unfortunately it only works when both the recipient of the call and the purported originator of the call both have properly configured Android phones. It would be nice if Google could have implemented this in such a way that it would work with a combination of both Android and iPhone devices, and didn't rely on a handful of Google-specific apps. If they could have done that it would likely have worked on well over 90% of mobile-to-mobile calls with little to no setup.
Upvote
15
(15
/
0)
It would be great to have a deep dive on how number spoofing is done, because as you suggest on the surface it really seems like this should be trivial for the telecom companies to control, and it would kneecap a huge portion of the scams being run this way.
Upvote
28
(28
/
0)
This is the only time I'll give Comcast credit... Their system rejects outright, sends to voicemail if it's "unsure" or labels it during handoff. My antecdotal experience... others may vary.
*My Pixel 9 has blocked everything, so I can validate they're getting it "mostly" right.
Upvote
3
(3
/
0)
I was exited about this:
Which okay fine...except most economically damaging impersonation fraud isn't people pretending to be your family member or BFF asking for $50 in Bitcoin for pizza. Most of that fraud are people pretending to be your DMV, or the IRS, or Sheriff's office, or any number of other governmental orgs, claiming you owe back penalties or fines. Which, this seems not to actually address.
Upvote
25
(25
/
0)
For pretty much the same reason you can spoof email addresses - it was designed at a time when everyone connected to the network could be trusted.
There have been attempts to add security measures with mixed results.
Upvote
8
(8
/
0)
This also requires that....RCS happens to work.
Between my various family members RCS, most on Androids and mostly Pixels, manages to not work 25% of the time.
Upvote
8
(9
/
-1)
If android were still using names of sweets, what would 17's be? The best suggestion will receive a shiny upvote from me!
Upvote
0
(0
/
0)
My mother in law received a call from someone spoofing my son's phone. The scammer said that they were in trouble and needed my MIL to send them $3,000 immediately. Luckily we had literally just had a conversation with my inlaws about this type of scam the prior weekend and they hung up and called my son back to confirm.
Upvote
10
(10
/
0)
Supposedly they still use dessert names internally, as code names. Android 17 is "Cinnamon Bun"
https://www.androidauthority.com/android-17-codename-3585116/
Upvote
7
(7
/
0)
Yikes.
I had a family member nearly get played by an IRS scammer years ago. Every week in these parts someone is running a DMV scam mass SMS phishing claiming people have unpaid speeding tickets.
That being said...this will probably be more of a problem, as AI only turbocharges scammers. My concern is that this just puts a finger in a leaking dam--whose crack is only going to get bigger, How long until our phones are overrun with identity confirmation RCS notifications because of rampant scammers? IDK, I do know one of my coworkers regularly has people trying to crack their work SSO login because of their credential access level. Usually once a day they get locked out, mid-work, because of the 3-time limit on wrong password entry before needing to call IT.
Upvote
6
(6
/
0)
It's been literally decades since I worked in the computer telephony field, but I did enough programming with it back then that I have a fairly good idea of how it works. In a nutshell, Caller ID has always been something the telephone companies have trusted companies to configure properly. Caller ID is meant to inform you as to who is calling, but if it just displayed the telephone number of the person calling you then you might not recognize it.
Suppose you were a customer of a big national bank (BigBank), and they would occasionally call you about your account status, new offers, potential security issues, etc. All those calls could originate from different offices scattered across the country, and therefore would have very different telephone numbers. But they want you to see something that makes it obvious who it is that's calling, and also directs you to their main customer support number. So they would program the telephone systems in each of their offices to display "1-888-5BigBank" as the Caller ID display. That way, when somebody called you whether it's from their office in California or New York, their telephone system would pass that Caller ID string on to the telephone company, and the telco would simply pass it on to your phone. So it's truly 100% trust based.
As more of the telephone networks have become digitized there's been a push to address all this. The FCC has started mandating that larger carriers implement a system know as STIR/SHAKEN which is meant to combat spoofing.
Upvote
12
(13
/
-1)
It wouldn't surprise me if Google approached Apple and Apple chose to keep their garden walled. It also wouldn't surprise me if Apple copies this capability for iPhone-to-iPhone calls before eventually capitulating to a universal standard as they did with RCS.
Upvote
7
(9
/
-2)
Quindim (Brazilian baked dessert made from sugar, egg yolks, and ground coconut)
Upvote
1
(2
/
-1)
Android gets internal code names, they're just not used on the public builds. These mostly lined up with the public names with a few exceptions. Oreo was Oatmeal Cookie, for example.
After Pie, the names were Quince Tart, Red Velvet Cake, Snow Cone, Tiramisu, Upside-down Cake, Vanilla Ice Cream, and Baklava. Android 17 is Cinnamon Bun.
Upvote
5
(5
/
0)
As was the web, but we created PKI, and while PKI is not perfect it is better than 0 trust. Telecoms as a central trust store is obvious. I imagine the telecoms would say it has something to do with POTS and lots of other things the system has to support, but, if it is a $3B problem, it is probably worth some churn. (Of course the real reason is the telecom isn't paying the $3B, so they do not care.)
Upvote
5
(5
/
0)
T-Mobile flags a great many spam calls as such, but they put them through anyway. I'm guessing it's to maintain peerage numbers, but, whatever the reason, it is incredibly annoying that they do npot just terminate the attempted spam call before it hits my phone.
This isn't really related, but T-Mobile is also the only carrier I have ever used that does not give you the timestamp and number for a voice message. I can have nine messages, but no way to know which message was from what number. Also, T-Mobile apparently has a hole in their system that allows messages to be left without a call being acknowledged, which is why I cannot simply use the call log to figure out where messages come from.
This isn't really related, but T-Mobile is also the only carrier I have ever used that does not give you the timestamp and number for a voice message. I can have nine messages, but no way to know which message was from what number. Also, T-Mobile apparently has a hole in their system that allows messages to be left without a call being acknowledged, which is why I cannot simply use the call log to figure out where messages come from.
Upvote
0
(0
/
0)
Majority of the spoof numbers that I cross-check with free available services such as whitepages or spokeo, they always point to a VoIP provider. I do wish Android had better management to just throw any number that is not in my contact list to voice mail. I don't want to trust another 3rd-party app that might have fun adware that trickles into malware.
Upvote
1
(1
/
0)
Luckily we have DMARC and others to combat spoofed emails. If they could just take that theory and implement it world wide to phones, then you could have your phone reject all calls that don't pass "DMARC For Cellular".
Upvote
1
(1
/
0)
They don't care. And the government doesn't want to make them.
Seriously, the whole phone system could be secured with complex cryptography, at very minimal cost, but it's not.
Upvote
2
(2
/
0)
If you're allowed to require custom software on both sides of the call to solve this problem, you might as well just use Signal Messenger to solve this problem well and a bunch of other problems at the same time.
... but Signal has been around for over 10 years now. Sure, it's not backed by Google, but if you look at how many people use it, you'll get some idea of the limitations of requiring custom software on both sides.
Google's real motivation here is presumably not to stop fraud but to drive more adoption of their apps in a way that's compatible with advertising, data harvesting for Gemini training, and other revenue-driving activities (if not now, in the future).
... but Signal has been around for over 10 years now. Sure, it's not backed by Google, but if you look at how many people use it, you'll get some idea of the limitations of requiring custom software on both sides.
Google's real motivation here is presumably not to stop fraud but to drive more adoption of their apps in a way that's compatible with advertising, data harvesting for Gemini training, and other revenue-driving activities (if not now, in the future).
Last edited:
Upvote
0
(1
/
-1)
How will this work with Google Voice? That's Google's separate service that let's you have a different phone number to send and receive calls and messages.
When you dial a number, Google voice overrides the outgoing number to proxy through their service, and when you get an incoming call at your Google voice number, it call forwards to your real cell phone number. This can all be done somehow over carrier telecom systems and not solely as a VOIP.
In both cases, Google itself is spoofing phone numbers. When you call someone else, Google doesn't have to do much other than overwrite your outgoing call number to their own call center number and let the service know what number to forward, so the end caller sees your Google voice number instead of your real cell number. Logically, this doesn't take much spoofing.
But when someone calls you, Google has to connect to your real cell phone number and spoof the incoming caller ID. The app isn't necessarily required - I used to use this setup on a true dumb cell phone in the pre smartphone era, so I know they're using caller ID spoofing in some way.
The article doesn't mention Google Voice compatibility, but I hope they're able to keep that compatible, as I've been using Google voice as my primary number for a couple decades. I got a number back before Google even bought out the service, Grand Central.
When you dial a number, Google voice overrides the outgoing number to proxy through their service, and when you get an incoming call at your Google voice number, it call forwards to your real cell phone number. This can all be done somehow over carrier telecom systems and not solely as a VOIP.
In both cases, Google itself is spoofing phone numbers. When you call someone else, Google doesn't have to do much other than overwrite your outgoing call number to their own call center number and let the service know what number to forward, so the end caller sees your Google voice number instead of your real cell number. Logically, this doesn't take much spoofing.
But when someone calls you, Google has to connect to your real cell phone number and spoof the incoming caller ID. The app isn't necessarily required - I used to use this setup on a true dumb cell phone in the pre smartphone era, so I know they're using caller ID spoofing in some way.
The article doesn't mention Google Voice compatibility, but I hope they're able to keep that compatible, as I've been using Google voice as my primary number for a couple decades. I got a number back before Google even bought out the service, Grand Central.
Upvote
1
(1
/
0)
Hope this works. I am getting a couple of spoofed calls every day. 90% of the calls I get are fake numbers.
Upvote
0
(0
/
0)
This is the first proper iteration.
Now Google are rolling this out, they have the ability to go to Apple to support the other end of the service on iPhones, and also (and easier) to go to Samsung etc for other variations of Android.
Upvote
0
(0
/
0)
Cheers to everyone who voted but I'm disappointed that 17 doesn't start with X. Although Al points out they gave up at W (or possibly V).
Upvote
0
(0
/
0)