Android 17 Adds Auto-Hangup for Bank Impersonation Scam Calls

4-min Read0 Comments

  • Phone Scam
  • Bank Impersonation
  • Android Security
  • Scam Prevention
  • Consumer Safety

Google's new Android tool will auto-terminate calls impersonating banks by verifying with banking apps, starting with Revolut, Itaú and Nubank.

Android Adds Real-Time Verification to Block Bank Impersonation Calls

Google has announced a new verified financial calls feature for Android that will automatically terminate calls impersonating banks, with the rollout beginning in the coming weeks on devices running Android 11 and later. Reporting from the Android Show ahead of Google I/O indicates the system checks in real time with a participating banking app to confirm whether the institution is genuinely calling the user, and hangs up automatically if the app confirms no call is being made.

The initial launch will support Revolut, Itaú and Nubank, with more financial institutions expected to be added later this year. Google has cited internal estimates putting global losses from phone spoofing scams at close to US$1 billion annually.

How the Verification Handshake Works

The mechanism relies on a direct check between the operating system and an integrated banking app. When an incoming call claims to originate from a participating bank, Android queries that bank's app on the device to confirm whether a genuine outbound call has been placed. A negative response triggers an automatic disconnect before the user answers.

This is a structural shift from earlier consumer-facing scam protections, which depended on the user recognising a suspicious caller mid-conversation. Bank impersonation typically relies on the social pressure of the moment, with callers urging immediate action on a supposed fraud alert. Pre-answer interception removes that pressure entirely.

Wider Android Security Changes Announced

Verified financial calls forms one part of a broader Android security overhaul. According to the announcement, the other measures include:

  • Expanded AI-powered Live Threat Detection that flags suspicious app behaviour such as SMS forwarding, hidden accessibility overlays, and apps that conceal their icons before running in the background
  • Automatic hiding of one-time passwords from most apps for three hours after delivery, narrowing the window in which malicious apps can scrape OTP codes
  • Malware scanning of APK files downloaded through Chrome
  • Stronger theft protections that lock a stolen device behind biometric authentication

Android 17 will additionally introduce official Android OS verification for Pixel devices, post-quantum cryptography protections, and enhanced privacy controls for location and contact sharing. Google has indicated most features will operate in the background without requiring user setup.

What It Means for Australian Phone Users

The launch banks Revolut, Itaú and Nubank do not include major Australian institutions such as Commonwealth Bank, Westpac, NAB or ANZ. Australian Android users will therefore not benefit from automatic bank-call verification until local banks integrate with the system, and Google has not confirmed a timeline for that integration.

Bank impersonation continues to be one of the most reported phone scam categories in Australia. Scamwatch figures published by the ACCC have repeatedly placed impersonation scams, including those mimicking banks, the ATO and myGov, among the highest categories by reported financial loss. Until the new verification feature reaches Australian banks, the community-driven approach to identifying suspicious numbers remains the practical line of defence for most consumers.

How to Check and Report a Suspicious Call

Australians who receive a call claiming to be from their bank can take the following steps:

  • End the call and dial the bank's verified number from the back of the debit or credit card, not any number provided by the caller
  • Search the calling number on Reverseau to see whether other contributors have flagged it as a bank impersonation attempt
  • Report the call to Scamwatch at scamwatch.gov.au if money or personal information was requested
  • Forward scam SMS to 0429 999 888, the number operated for SMS scam reporting
  • Report cybercrime involving stolen credentials or financial loss to ReportCyber via cyber.gov.au

Community reports submitted to Reverseau add to the public record on numbers used in impersonation campaigns, helping other Australians identify the same caller before answering. Contributors who recognise a number from a recent bank-impersonation attempt are encouraged to add their account of the call.