Google Rolls Out Android 16 Intrusion Logging for Pixel Devices as Spyware Forensics Expand
Updated
Updated · TechCrunch · May 12
Google Rolls Out Android 16 Intrusion Logging for Pixel Devices as Spyware Forensics Expand
11 articles · Updated · TechCrunch · May 12
Google is deploying Intrusion Logging to devices running the Android 16 December update, adding an opt-in forensic log inside Advanced Protection Mode to help investigate spyware attacks.
The feature creates daily encrypted logs stored in a user’s Google account, preserving evidence that spyware might otherwise erase while keeping the data inaccessible to Google unless users choose to share it.
Those logs track events such as phone unlocks, app installs and removals, website and server connections, Android Debug Bridge access, and attempts to delete records—signals investigators can use to reconstruct compromises.
Amnesty International, which helped develop the tool, called it a major shift for Android forensics because older system logs were short-lived and often too limited to reliably detect known attacks.
Availability is still narrow: users must enable Advanced Protection Mode, run the latest software, use a Google-made Pixel, and link the device to a Google account.
With spyware targeting activists globally, why is Google's new anti-spyware tool available only on its own Pixel phones?
Does Google's new security tool create a centralized privacy risk by storing sensitive user logs in the cloud for a full year?
Can a post-attack logging tool truly counter spyware that uses zero-day exploits to gain complete control over a device?
Google’s Intrusion Logging in Android 16: A Forensic Security Breakthrough for High-Risk Users
Overview
Google has strengthened Android security by introducing Intrusion Logging in the Android 16 December update. This opt-in feature, part of Advanced Protection, records detailed, tamper-proof, and end-to-end encrypted logs of device and network activity. These robust and privacy-preserving forensic logs help users and experts investigate devices suspected of compromise. By enabling this system, Google provides stronger defenses against scams, fraud, and targeted attacks, especially for high-risk users. Intrusion Logging marks a crucial enhancement, offering users greater control and insight into their device’s security while maintaining privacy and data integrity.