Google Launches Android Spyware Forensics Tool for High-Risk Users
Google Launches Android Spyware Forensics Tool for High-Risk Users
https://www.infosecurity-magazine.com/news/google-launches-android-spyware/
Publish Date: 2026-05-14 09:30:00
Source Domain: www.infosecurity-magazine.com
Google is rolling out a new feature that will help investigate spyware attacks on Android devices.
The new tool, called Android Intrusion Logging, was released on May 12 as part of Google’s Android Advanced Protection Mode (AAPM).
This mode, which can be likened to Apple’s Lockdown Mode, was launched in 2025. Designed to enhance the security of Android devices for at-risk users, AAPM packages a set of pre-determined features designed to bolster device protection against scams, fraud and targeted attacks.
AAPM’s newest feature, Intrusion Logging, was developed by Google in partnership with civil society organizations, including Amnesty International’s ’s Security Lab and Reporters Without Borders’ Digital Security Lab.
With Intrusion Logging, high-risk Android users can log their device and network activities for times when they notice suspicious activity or suspect their device has been infected with malware.
By doing that, they will allow trusted security experts to perform forensic investigations into their device’s behavior, including applications that run on it.
These logs include:
- Security events (e.g. device unlocking, physical access and abusive interactions)
- Spyware installation and removal
- Domain name system (DNS) and connections events
All forensic logs, collected once a day by default, are encrypted with a user-generated key before the logs are securely archived in the user’s Google account. The logs can later be accessed and decrypted by the user, but not by Google or any unauthorized third parties.
When forensic analysis is required, the device owner must explicitly share these logs from the device itself in a secure manner with the forensic analyst.
“Intrusion Logging logs may include sensitive information such as browser navigation history. Secure sharing of logs and informed consent are therefore more essential than ever,” warned Amnesty International in a May 12 report.
Donncha Ó Cearbhaill, head of security at…
