
Google launches new Android security feature to help uncover spyware attacks

Why This Matters

Google's new Intrusion Logging feature enhances Android's security by providing detailed logs to help researchers detect and investigate spyware attacks. This development marks a significant step forward in mobile security, offering better forensic capabilities and aiding in the fight against sophisticated surveillance threats. It underscores Google's commitment to empowering users and security professionals against increasingly complex cyber threats.

Key Takeaways

Google is rolling out a new opt-in feature in Android that aims to help security researchers investigate spyware attacks.

The feature is called “Intrusion Logging” and is part of Android’s Advanced Protection Mode, an opt-in special security mode that Google launched last year and that enables certain features with the goal of making the device harder to hack. Advanced Protection Mode is designed to counter government spyware attacks and police forensic devices that try to extract data from a person’s phone.

These two types of attacks can also be combined. In at least one documented case in Serbia, authorities used a law enforcement forensic tool made by Cellebrite to unlock a device, and then installed spyware as a further step to continue monitoring the target.

The rollout of Intrusion Logging is the first time a phone maker has launched a feature with the goal of helping security researchers investigate spyware attacks. To achieve that, Android’s Intrusion Logging creates a new type of log, which records errors and collects evidence when something goes wrong with the software, to provide visibility into suspected spyware attacks.

Amnesty International, which worked with Google to develop the feature, called Intrusion Logging “a fundamental shift in the amount and quality of forensic data available on Android devices.”

“Until now, forensic analysis has relied on logs that were never designed for intrusion detection,” Amnesty wrote in a blog post that explains in detail how Intrusion Logging works. That meant earlier logs were not that useful for researchers, as they did not remain on the device for long and were often overwritten, effectively erasing potential evidence of attacks.

Donncha Ó Cearbhaill, the head of Amnesty’s Security Lab, told TechCrunch that Android’s technical limits “have made it difficult to deeply analyze system logs and files for signs of compromise, unlike with iOS.”

“These limits have meant we've been unable to reliably detect known attacks against Android,” said Ó Cearbhaill, who has for years investigated dozens of cases of spyware abuse around the world.

The ability to better detect spyware attacks should improve with Intrusion Logging. Google announced the feature a year ago, but the company is deploying it only now. In a Tuesday blog post, Google said that Intrusion Logging “is currently rolling out to all devices running the Android 16 December update and newer.”

How Intrusion Logging works
