Google Partners with Amnesty International to Enhance Spyware Detection
Google has introduced a new feature for Android phones, called Intrusion Logging, which is designed to make it harder for spyware vendors to hide. This feature, developed in partnership with Amnesty International, keeps track of possible intrusions for forensic purposes, including device unlocking, physical access, and spyware installation and removal.
According to Amnesty International, this feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices. This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.
How Intrusion Logging Works
Intrusion Logging is a feature of Android Advanced Protection Mode, which is designed to provide an additional layer of security for users. The feature keeps records of security incidents, including device unlocking, physical access, and spyware installation and removal. These logs can be used by forensic analysts to investigate suspected security incidents.
To enable Intrusion Logging, users must be using Android Advanced Protection Mode; the setting is at Settings > Security & privacy > Advanced Protection > Intrusion Logging. Users who suspect a security incident will need to export the logs and share them with a forensic analyst.
Limitations and Future Developments
While Intrusion Logging is a significant step forward in the fight against spyware, it does have some limitations. The feature requires Android 16 and is, for now, available only on Pixel devices. Additionally, the device must be linked to a Google account, and the logs may include sensitive information, such as browser navigation history, so secure sharing of the logs is important.
Amnesty International has noted that the logs may also be deletable by attackers, but understands that there are plans to strengthen protections against this in future versions. Furthermore, many attacks would still be detectable in the logs in cases where attackers do not have the root access needed to try to delete them.
Industry Response and Comparison
Intrusion Logging joins an expanding slate of features from tech companies to fight sophisticated attacks, including Apple's Lockdown Mode and Memory Integrity Enforcement, and WhatsApp's Strict Account Settings. According to Donncha Ó Cearbhaill, head of the Amnesty International Security Lab, Intrusion Logging promises to help shift the balance to the advantage of defenders, providing civil society investigators with the key evidence needed to detect and expose some of the most advanced attacks facing journalists and activists.
Eugene Liderman, director of Android security and privacy, wrote that Intrusion Logging enables persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise. This feature is a significant step forward in the fight against spyware and other sophisticated attacks, and demonstrates Google's commitment to enhancing the security and privacy of its users.
- Google has launched Intrusion Logging, a feature for Android phones that keeps track of possible intrusions for forensic purposes.
- The feature is designed to make it harder for spyware vendors to hide and was developed in partnership with Amnesty International.
- Intrusion Logging is a feature of Android Advanced Protection Mode and keeps records of security incidents, including device unlocking, physical access, and spyware installation and removal.
- The feature has some limitations, including requiring Android 16 and only being available on Pixel devices, and the logs may include sensitive information.
- Intrusion Logging joins an expanding slate of features from tech companies to fight sophisticated attacks, including Apple's Lockdown Mode and WhatsApp's Strict Account Settings.
Source: CyberScoop