“I’m so excited to interview you today about this new fake-call detection feature!” I heard myself say while a headshot I’d been using in public for years popped up on the demo device. The caller ID name was reported as “Lily.” “Unfortunately, I lost my wallet and I’m stuck. Can you Venmo me so I can get an Uber to the interview?”
As my disembodied voice asked calmly, the regular call appeared as a pop-up overlay on the screen: “It can’t be Lily. Someone may be pretending to call from your contact’s number.”
For Android phones calling each other, the new feature checks digital validity and marks with a pop-up warning if the call isn’t coming from your contact’s smartphone and could be a scam. When the feature flags a call as a scam, it immediately removes the contact photo from the background of the call to underline the seriousness of the situation (not shown in the prototype demo created by Google for WIRED). And the feature also changes the entry in Android’s recent calls log to say “Unknown Caller” instead of displaying the contact name.
Spam calls have been a scourge for decades, and the threat has grown even greater as attackers have begun incorporating AI voice-cloning tools into their attacks – making it possible to mimic a victim’s acquaintance, or even family member, in real time. And while years of effort have improved traditional robocalling detection, it has not eliminated the problem, and not all spam calls are flagged. Those calls that still slip through the cracks are particularly problematic as attackers focus their attention on impersonation scams – making it seem like their call is coming from a number you trust, or at least recognize, and then using AI tools to make them sound like the person you expect when you pick up.
With these types of invasive and potentially devastating scams on the rise, Android vice president of security and privacy Dave Kledermacher and Android security and privacy product director Eugene Lederman say there was a real desire within Google to step up protections for victims. And he emphasized that while one obvious strategy is to try to fight fire with fire – using AI tools to help detect voice clones in calls – this strategy alone is inadequate. This can lead to false positives and false negatives, but it can also lead to an endless arms race between attackers and defenders.
“We’re always looking to see if there’s a proven method that we can do with a lot of confidence,” says Kledermacher.
This feature is built on the RCS communications standard and baked into Google Dialer. Starting today, it will start rolling out the update for all Android phones running Android 12 (from 2021) and above. This mechanism uses RCS to digitally link your phone number with your actual smartphone handset. When you call another Android user, your device will send what Claydermacher describes as “a real-time, silent background confirmation signal” to the device of the person you’re calling to verify the validity of your call. If that hardware-based verification is missing, Google Dialer will flag the call.
“If you’re calling me and we’re in each other’s mutual contact database, and we’re both using Google Dialer which has this capability built in, I’ll always know if it’s really you,” says Kleidermacher. “If someone tries to call me through a VoIP session or any other mechanism and spoofs your phone number and your voice, the dialer will say it’s not you.”
<a href