Google Launches Android Spyware Forensics Tool for High-Risk Users
2026-05-14 · via www.infosecurity-magazine.com

Written by Kevin Poireault

Google is rolling out a new feature that will help investigate spyware attacks on Android devices.

The new tool, called Android Intrusion Logging, was released on May 12 as part of Google’s Android Advanced Protection Mode (AAPM).

This mode, which can be likened to Apple’s Lockdown Mode, was launched in 2025. Designed to enhance the security of Android devices for at-risk users, AAPM packages a set of predetermined features that bolster device protection against scams, fraud and targeted attacks.

AAPM’s newest feature, Intrusion Logging, was developed by Google in partnership with civil society organizations, including Amnesty International’s Security Lab and Reporters Without Borders' Digital Security Lab.

With Intrusion Logging, high-risk Android users can log their device and network activities for times when they notice suspicious activity or suspect their device has been infected with malware.

By doing that, they will allow trusted security experts to perform forensic investigations into their device's behavior, including applications that run on it.

These logs include:

  • Security events (e.g. device unlocking, physical access and abusive interactions)
  • Spyware installation and removal
  • Domain name system (DNS) and connection events

All forensic logs, collected once a day by default, are encrypted with a user-generated key before the logs are securely archived in the user’s Google account. The logs can later be accessed and decrypted by the user, but not by Google or any unauthorized third parties.

When forensic analysis is required, the device owner must explicitly share these logs from the device itself in a secure manner with the forensic analyst.

On Google Pixel devices, the Intrusion Logging feature can be found under the Menu: Settings > Security & privacy > Advanced Protection > Device protection. Source: Amnesty International

“Intrusion Logging logs may include sensitive information such as browser navigation history. Secure sharing of logs and informed consent are therefore more essential than ever,” warned Amnesty International in a May 12 report.

Donncha Ó Cearbhaill, head of security at Amnesty Tech, praised Google for the release of Intrusion Logging on X. He explained that spyware forensic work “has so far relied on incidental logs that were never designed for security analysis and are too often partial and short-lived.”

“Now we have the possibility to detect advanced spyware, exploits, unauthorized physical access, even months after the fact,” he added.

The feature is opt-in for Pixel devices on Android 16 and later versions with Advanced Protection mode enabled. Users who wish to benefit from Intrusion Logging must have a Google account linked to their device.

Google plans to roll Intrusion Logging out beyond Pixel devices in the future.

In parallel to the introduction of Intrusion Logging, Amnesty International has been releasing updates to Android Quick Forensics (AndroidQF) and the Mobile Verification Toolkit (MVT).

AndroidQF is a lightweight open source forensic tool for Android devices that quickly extracts and analyzes critical evidence during investigations. MVT is an Amnesty-made, open source toolkit that simplifies and automates the process of gathering forensic traces to identify a potential compromise of Android and iOS devices.

Latest Updates to Android Advanced Protection Mode

Google has also rolled out a package of updates to its Android Advanced Protection Mode. These include:

  • USB Protection: Now available on all Pixel devices running Android 16 and newer, this feature blocks new USB data connections while the device screen is locked
  • Restricted accessibility services: Starting with Android 17, the mode will remove accessibility service access for all apps that are not explicitly labeled as accessibility tools to prevent malicious exploitation
  • Disabled device-to-device unlocking: To enhance physical security, the ability to unlock one device using another nearby trusted device is being disabled
  • Chrome WebGPU support removal: Support for WebGPU in Chrome will be disabled within this mode to reduce the browser's attack surface
  • Chat notification scam detection: The mode will now integrate scam detection specifically for chat notifications to help identify and block fraudulent messages.

Finally, Advanced Protection will be expanded to support managed devices through Android Enterprise later this year.

Image credits: Thrive Studios ID / DIA TV / Shutterstock.com