Android Adds Intrusion Logging for Sophisticated Spyware Forensics
https://thehackernews.com/2026/05/android-adds-intrusion-logging-for.html
Publish Date: 2026-05-13 02:55:00
Source Domain: thehackernews.com
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks.
Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said.
The feature, it added, was developed in partnership with Amnesty International and Reporters Without Borders. According to a help document shared by Google, it logs device and network activities on a daily basis, including information about device behavior and the various applications that run on it.
The kinds of activities recorded are listed below:
- App activity (e.g., when an app process starts)
- App installations, updates, and uninstalls
- Network connections like starting and stopping Wi-Fi, Bluetooth, DNS lookups, and IP addresses
- File transfers to or from the device over USB
- Changes to system certificates
- When the device is locked or unlocked
Google also noted that the log data is end-to-end encrypted by the device and stored on Google servers. The encryption keys are secured by the Google Account password and screen lock credentials, meaning that only the device owner can access the logs; no third party, including Google itself, can.
“By storing the data on a secure server, even malware installed on the smartphone cannot access, delete, or manipulate it,” Reporters Without Borders said. “End-to-end encryption also ensures that neither Google nor state actors can access the data. The Intrusion Logging function in particular enables detection and forensic analysis of even highly sophisticated and previously difficult-to-detect attacks.”
The encrypted logs are stored for a period of 12 months, after which they are automatically wiped. Once Intrusion Logging is enabled, a user cannot delete the logs before the 12-month expiration window, even if the account is closed or the…