The end of fake calls on Android?

Google has built an advanced feature into the Android operating system to detect fake phone calls. The new security solution uses the RCS network protocol to verify that a call that appears on the screen under the name of a saved contact is actually coming from that person's mobile device. Google officially announced the new feature on its security blog, and the global rollout through the Phone by Google app begins this month on all devices running Android 12 or later, with Google's own Pixel phones taking priority.

This protection works like an invisible, silent digital handshake between two smartphones. When someone in your phonebook calls you and both parties are using Google's calling app, the caller's device sends an encrypted confirmation signal via the RCS protocol. This signal proves that the call is coming from the right hardware. If this signal is missing, which happens with malicious calls where scammers simply use software to spoof a phone number, the recipient's screen will display a warning asking them to end the call immediately. The entire verification process takes place over an encrypted RCS connection, meaning that the audio or content of the conversation is never transmitted to Google's servers. The feature is enabled by default and requires no customization from the user.

The system only works when both parties are using Google's Phone app. This is installed by default on most Android devices, but users with other system apps can download it for free from the Play Store and set it as the default.

This feature should not be confused with Google's existing Scam Detection system. While the AI-powered system listens to conversations with unknown numbers directly on your device and looks for suspicious patterns, such as urgent requests for money, the fake call detection system doesn't analyze the audio at all. It works purely at the hardware routing level, preventing criminals from misusing the identities of your friends or family.

The need for such protection is extraordinary, as attackers’ tactics have changed since people stopped answering unknown numbers. Fraudsters now use online software to spoof a trusted person’s number, then use artificial intelligence to clone their voice. Interpol’s Financial Fraud Threat Assessment revealed that this type of identity theft caused more than an estimated $345 billion in global losses last year.

The new feature builds on the financial call verification technology that Google introduced earlier this year to combat bank phishing. The system is intentionally built on the open RCS standard, which allows other developers and phone manufacturers to adopt this type of protection in the future.