Google has launched a brand new function referred to as Identification Test for supported Android gadgets that locks delicate settings behind biometric authentication when outdoors of trusted places.
“Whenever you activate Identification Test, your gadget would require specific biometric authentication to entry sure delicate sources once you’re outdoors of trusted places,” Google stated in a publish asserting the transfer.
In doing so, biometric authentication will probably be required for the next actions –
- Entry saved passwords and passkeys with Google Password Supervisor
- Autofill passwords in apps from Google Password Supervisor, besides in Chrome
- Change display screen lock, like PIN, sample, and password
- Change biometrics, like Fingerprint or Face Unlock
- Run a manufacturing facility reset
- Flip off Discover My System
- Flip off any theft safety options
- View trusted locations
- Flip off Identification Test
- Arrange a brand new gadget along with your present gadget
- Add or take away a Google Account
- Entry Developer choices
Identification Test can also be designed to activate enhanced safety for Google Accounts to forestall unauthorized people from taking management of any Google Account signed in on the gadget.
The function is at the moment restricted to Google’s personal Pixel telephones with Android 15 and eligible Samsung Galaxy telephones operating One UI 7. It may be enabled by navigating to Settings > Google > All providers > Theft safety > Identification Test.
The disclosure comes as Google has been including a gentle stream of safety features to safe gadgets in opposition to theft, comparable to Theft Detection Lock, Offline System Lock, and Distant Lock.
Google additionally stated it has rolled out its synthetic intelligence-powered Theft Detection Lock to all Android gadgets operating Android 10 and later internationally, and that it is working with the GSMA and business specialists to fight cell gadget theft by sharing data, instruments and prevention methods.
The event additionally follows the launch of the Chrome Internet Retailer for Enterprises, permitting organizations to create a curated listing of extensions that may be put in in staff’ net browsers and decrease the danger of customers putting in doubtlessly dangerous or unvetted add-ons.
Final month, a spear-phishing marketing campaign concentrating on Chrome extension builders was discovered to have inserted malicious code to reap delicate knowledge, comparable to API keys, session cookies, and different authentication tokens from web sites comparable to ChatGPT and Fb for Enterprise.
The provision chain assault is alleged to have been energetic since a minimum of December 2023, French cybersecurity firm Sekoia stated in a brand new evaluation printed this week.
“This risk actor has specialised in spreading malicious Chrome extensions to reap delicate knowledge,” the corporate stated, describing the adversary as persistent.
“On the finish of November 2024, the attacker shifted his modus operandi from distributing his personal malicious Chrome extensions through pretend web sites to compromising legit Chrome extensions by phishing emails, malicious OAuth purposes, and malicious code injected into compromised Chrome extensions.”