Skip to main content
CybersecuritySocial Engineering

Google Bolsters Android Defenses Against AI-Powered Scam Calls

Smartphone displays call interface with warning message on screen.

"If a scammer tries to impersonate your contact, that initial confirmation signal will be missing. Your device will instantly notice this and ping your contact's actual device to double-check," Google said.

How the fake call detection feature works in real time

Google's new "fake call detection" runs automatically when both caller and recipient use Phone by Google. According to Google, a caller's device sends a silent, encrypted confirmation signal to the recipient's device in real time when a contact places a call. If that signal is absent — a possible sign the call is spoofed — the recipient's device will ping the contact's actual phone to verify who is placing the call. If the contact's device confirms it is not making a call, the recipient receives an on-screen warning advising them to hang up immediately.

Phone by Google, Contacts, Google Messages and RCS: the required stack

Google says fake call detection is built on top of the Rich Communication Services (RCS) open standard and will only work on Android devices that have three specific apps installed: Phone by Google, Contacts, and Google Messages with RCS enabled. The company also noted the feature is rolling out globally this month to Android 12 and later devices, starting with Pixel devices, and will be enabled by default. If a user's device uses a different dialer, Google recommends installing Phone by Google from the Play Store and setting it as the default phone app to receive the protection.

Why Google is targeting AI voice-cloning and caller ID spoofing

Google framed the rollout as a response to two related fraud tactics: scammers spoofing a familiar contact's phone number and using AI voice-cloning technology to mimic that person's voice. "For years, people have relied on caller ID to know who is on the other end of the line, but this is no longer sufficient due to scammers' new tactics," Google said. The fake call detection feature is therefore designed to add a cryptographic, device-level confirmation on top of traditional caller ID.

FTC and INTERPOL figures that shape the risk picture

The timing of the announcement comes amid striking figures cited by Google and the broader fraud-monitoring community. The U.S. Federal Trade Commission warned that reported losses from impersonation scams reached $2.95 billion in 2024 alone. INTERPOL's March 2026 Global Financial Fraud Threat Assessment flagged impersonation fraud as one of the leading threats and attributed it to contributing to more than $440 billion in global losses last year. Those numbers are the yardstick Google used in explaining why caller ID is no longer sufficient.

What this means for end users, financial apps, and attackers

  • End users: Devices that meet the app and OS requirements will receive the feature enabled by default; users of other dialers must install Phone by Google and enable RCS in Google Messages to get protection. The flow is automatic when both endpoints support the mechanism and will present an on-screen warning if the contact’s device confirms no call is being placed.
  • Financial apps and banks: Google said in December it expanded Android in-call scam protection to multiple banks and financial apps in the United States, naming Cash App (with 57 million users) and the JPMorganChase mobile banking app (with over 50 million downloads) as examples of apps included in that effort. Those prior integrations indicate Google is already extending call-protection features to platforms where scam impact is high.
  • Adversaries and scam operators: The new confirmation signal and fallback verification ping introduce a device-level check that, per Google, will be missing in calls that are merely spoofing numbers and using cloned voices. That technical barrier is explicitly aimed at defeating the combination of number spoofing and AI voice-cloning cited in the announcement.

Rollout and next steps

Google described the rollout as global and occurring "this month" for Android 12 and later devices, beginning with Pixel devices, and emphasized the feature will be enabled by default. The company framed the feature as an addition to existing protections, pointing users of alternative apps to install Phone by Google and enable RCS in Google Messages to benefit from the detection system.

Google's approach packs a pragmatic trade: it layers an RCS-based, encrypted confirmation on top of voice calling but requires specific apps and RCS support on both ends to operate. With federal and international agencies citing large and growing losses from impersonation fraud, Google's new detection mechanism is positioned as a targeted technical fix for a clearly defined scam vector.

Original story