Android Fights Phone Scams with New Caller Verification Feature

I’ve spent years tracking the evolution of phone scams, so when Google offered to walk me through a new Android feature designed to catch spoofed calls, I was ready to take notes. What I wasn’t ready for was hearing my own voice coming out of the demo phone.

“I’m so excited to be interviewing you today about this new fake-call detection feature!” the recording said, as a headshot I’ve used publicly for years flashed on the screen. The caller ID read “Lily.” Then came the pitch: “Unfortunately, I lost my wallet and I’m stuck. Any chance you can Venmo me so I can take an Uber to the interview?”

As my disembodied voice calmly made the request, a pop-up appeared over the call screen: “This may not be Lily. Someone may be pretending to call from your contact’s number.”

For Android phones calling each other, this new feature performs a digital validity check and issues a pop-up warning if a call isn’t actually coming from your contact’s smartphone , signaling it could be a scam. When the system flags a call as suspicious, it instantly removes the contact photo from the background of the call screen to emphasize the seriousness (the prototype demo Google showed WIRED didn’t include this visual cue). It also changes the entry in Android’s recent call log to read “Unknown caller” instead of showing the contact name.

Spam calls have plagued phone users for decades, and the threat has only intensified as attackers now incorporate AI voice-cloning tools into their schemes. These tools allow scammers to convincingly mimic a victim’s acquaintance , or even a family member , in real time. While years of effort have improved detection of traditional robocalling, the problem hasn’t been eliminated, and not all spam calls get flagged. The calls that slip through are especially dangerous because attackers focus on impersonation scams , making it appear their call is coming from a number you trust or recognize, then using AI to sound like the person you expect when you answer.

With these invasive and potentially devastating scams on the rise, Dave Kleidermacher, Android’s vice president of security and privacy, and Eugene Liderman, director of Android security and privacy product, say Google felt a strong need to advance defenses for potential victims. They stressed that while one obvious approach is to fight fire with fire , using AI to detect voice clones in calls , that strategy alone isn’t enough. It can produce false positives and false negatives, and it risks fueling an endless arms race between attackers and defenders.

“We’re always looking at whether there is a provable way, something much higher confidence that we can do,” Kleidermacher says.

The feature is built on the RCS communication standard and integrated into the Google Dialer. Starting today, it will roll out in updates for all Android phones running Android 12 (from 2021) and later. The mechanism uses RCS to digitally bind your phone number to your actual smartphone handset. When you call another Android user, your device sends what Kleidermacher calls “a real-time, silent background confirmation signal” to the recipient’s phone to verify the call’s legitimacy. If that hardware-based confirmation is missing, the Google Dialer flags the call.

“If you’re calling me and we’re in each other’s mutual contacts databases, and we’re both using the Google dialer that has this capability built into it, then I will always know if it’s really you,” Kleidermacher says. “If someone tries to call me through a VoIP session or some other mechanism and spoof your phone number and your voice, the Dialer will say that this is not you.”