The feature, known as “Intrusion Logging,” is a component of Android’s Advanced Protection Mode, an opt-in security mode that Google introduced last year. The mode makes the device harder to hack by activating specific capabilities, and it is intended to thwart both police forensic tools and government spyware attacks that attempt to retrieve data from a person’s phone.

These two kinds of attacks can also be combined. In at least one recorded instance in Serbia, police unlocked a smartphone using a Cellebrite law enforcement forensic tool before installing malware to monitor the victim.

With Intrusion Logging, a phone manufacturer has for the first time introduced a tool aimed at assisting security researchers in their investigation of spyware attacks. To offer insight into suspected spyware attacks, Android’s Intrusion Logging creates a new kind of log that records failures and gathers evidence when something goes wrong with the software. Intrusion Logging is “a fundamental shift in the volume and quality of forensic data available on Android devices,” according to Amnesty International, which collaborated with Google to create the feature.







