Android rolls – Google says a new Android feature will use RCS to digitally verify that calls between Android phones come from the actual device tied to a contact—flagging spoofed numbers with a simple on-screen warning.
The demo started like a joke, then turned into a warning.
In front of a Google team previewing a new Android feature meant to stop phone scams. the device dialed using a familiar contact name: “Lily.” Then the voice that came from the call wasn’t Lily at all—it was the reporter’s own voice. pulled from a headshot he uses publicly. “I’m so excited to be interviewing you today about this new fake call detection feature!” the voice said. as if he’d agreed to it.
In the middle of that surreal moment, the call screen threw up an overlay: “This may not be Lily. Someone may be pretending to call from your contact’s number.” The warning didn’t try to explain everything. It just told the truth in plain language—possibly not the person you think you’re picking up.
That’s the promise behind Google’s new Android protection against a specific kind of scam that’s become harder to catch. Spam calling has been a scourge for decades, and detection systems improved as robocalling evolved. But Google says the problem never fully went away. and the calls that slip through are increasingly the ones built on impersonation—scams that make an incoming call appear to come from a number victims recognize. or at least trust. Attackers have also moved to AI voice-cloning tools. allowing them to mimic an acquaintance or even a family member in real time.
Dave Kleidermacher. Android’s vice president of security and privacy. and Eugene Liderman. director of Android security and privacy product. said the goal inside Google is to push defenses forward in a way that’s more reliable than simply trying to outsmart voice-clone attacks with more voice-clone detection.
They described a tension that anyone dealing with fraud knows too well: fighting fire with fire can work in some cases, but it can also create an endless arms race. It can also produce mistakes—false positives and false negatives.
“We’re always looking at whether there is a provable way, something much higher confidence that we can do,” Kleidermacher said.
The “provable” part is what Google is now rolling out. The feature is built on the RCS communication standard and baked into the Google Dialer. Starting today, it begins rolling out in updates for all Android phones running Android 12 (from 2021) and later.
The mechanism is designed to work quietly in the background. Using RCS, your phone digitally binds your phone number to your actual smartphone handset. When you call another Android user. your device sends what Kleidermacher described as “a real-time. silent background confirmation signal” to the device of the person you’re calling to verify the legitimacy of the call.
If that hardware-based confirmation is missing, the Google Dialer flags the call.
Kleidermacher framed it as a check that should be straightforward when people are both on the same system. “If you’re calling me and we’re in each others’ mutual contacts databases. and we’re both using the Google dialer that has this capability built into it. then I will always know if it’s really you. ” he said. “If someone tries to call me through a VoIP session or some other mechanism and spoof your phone number and your voice. the Dialer will say that this is not you.”.
The screen response is intentionally simple. For a potential scam call, the pop-up warning offers the option to hang up.
But Google’s approach also highlights a hard constraint: for this kind of verification to matter at scale, it would need to be present widely across devices—including outside Android.
Phones running Android 12 or later are common around the world. but Google says the feature’s impact depends on adoption across essentially every device. including Apple’s iPhones. Google built the capability on RCS so it can be maximally interoperable with as many platforms as possible. Apple did not immediately return a request for comment on whether it has plans to implement the feature—or something similar in iOS.
The stakes are personal, and Google underscored that with its own description of why this is different from generic spam. Kleidermacher said some attacks individually are devastating, and that people lose a lot. “Some of these attacks individually are just very devastating,” he said. “People lose a lot, and it’s very scary.”.
Android Google Dialer RCS spoofed calls phone scams AI voice cloning cybersecurity Android 12