Google has launched a brand new characteristic known as Identification Test for supported Android gadgets that locks delicate settings behind biometric authentication when outdoors of trusted places.
“When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you’re outside of trusted locations,” Google stated in a put up saying the transfer.
In doing so, biometric authentication can be required for the next actions –
- Entry saved passwords and passkeys with Google Password Supervisor
- Autofill passwords in apps from Google Password Supervisor, besides in Chrome
- Change display lock, like PIN, sample, and password
- Change biometrics, like Fingerprint or Face Unlock
- Run a manufacturing facility reset
- Flip off Discover My Machine
- Flip off any theft safety options
- View trusted locations
- Flip off Identification Test
- Arrange a brand new gadget together with your present gadget
- Add or take away a Google Account
- Entry Developer choices
Identification Test can also be designed to activate enhanced safety for Google Accounts to stop unauthorized people from taking management of any Google Account signed in on the gadget.
The characteristic is at present restricted to Google’s personal Pixel telephones with Android 15 and eligible Samsung Galaxy telephones operating One UI 7. It may be enabled by navigating to Settings > Google > All companies > Theft safety > Identification Test.
The disclosure comes as Google has been including a gradual stream of safety features to safe gadgets towards theft, comparable to Theft Detection Lock, Offline Machine Lock, and Distant Lock.
Google additionally stated it has rolled out its synthetic intelligence-powered Theft Detection Lock to all Android gadgets operating Android 10 and later the world over, and that it is working with the GSMA and business consultants to fight cellular gadget theft by sharing info, instruments and prevention methods.
The event additionally follows the launch of the Chrome Net Retailer for Enterprises, permitting organizations to create a curated listing of extensions that may be put in in staff’ internet browsers and reduce the chance of customers putting in doubtlessly dangerous or unvetted add-ons.
Final month, a spear-phishing marketing campaign focusing on Chrome extension builders was discovered to have inserted malicious code to reap delicate information, comparable to API keys, session cookies, and different authentication tokens from web sites comparable to ChatGPT and Fb for Enterprise.
The provision chain assault is alleged to have been energetic since not less than December 2023, French cybersecurity firm Sekoia stated in a brand new evaluation revealed this week.
“This threat actor has specialised in spreading malicious Chrome extensions to harvest sensitive data,” the corporate stated, describing the adversary as persistent.
“At the end of November 2024, the attacker shifted his modus operandi from distributing his own malicious Chrome extensions via fake websites to compromising legitimate Chrome extensions by phishing emails, malicious OAuth applications, and malicious code injected into compromised Chrome extensions.”
