Jan 24, 2025Ravie LakshmananBiometric / Mobile Security
Google has introduced a new feature called Identity Check for Android devices that allows users to access sensitive settings without using biometric identification when not using trusted areas.
When you enable Identity Verify, your device will need to provide explicit biometric authentication to access some delicate resources when you’re not using trusted locations, according to a post from Google announcing the change.
Biometric verification may be necessary for the next steps in doing so:
- With Google Password Manager, you can get saved passwords and passkeys.
- Login usernames in applications from Google Password Manager, except in Chrome
- Change display lock, like PIN, design, and password
- Change biometric, like Fingerprint or Face Unlock
- Run a mill restore
- Move off Find My System
- Switch off any fraud safety features
- View trusted sites
- Turn off Personality Test
- Use your existing system to set up a new system.
- Add or remove a Google Account
- Access Developer possibilities
Additionally, Identity Check is intended to enable enhanced security for Google Accounts to stop unauthorized users from obtaining access to any Facebook Accounts that are connected to the unit.
Google’s unique Pixel phones running Android 15 and Samsung Galaxy phones running One UI 7 are now exempt from this feature. It can be enabled by navigating to Settings >, Google >, All service >, Theft protection >, Identity Check.
The disclosure comes as Google continues to improve its safety features, including isolated lock, offline device lock, and theft detection locks, to protect devices from theft.
Google added that it is working with the GSMA and industry experts to combat mobile device fraud by sharing information, tools, and prevention strategies and that it has also rolled out its artificial intelligence-powered Theft Detection Lock to all Android devices running Android 10 and eventually globally.
The development comes in the wake of the start of the Chrome Web Store for Enterprises, which enables businesses to create a customized list of additions that can be installed in people ‘ web sites, reducing the chance that people install potentially harmful or unvetted add-ons.
A spear-phishing plan targeting Chrome improvement developers was discovered last month that injected malicious code into websites like Facebook for Business and ChatGPT to obtain sensitive data, such as API keys, program cookies, and another authentication tokens.
According to French cybersecurity firm Sekoia, the supply chain attack is said to have been engaged since at least December 2023.
The threat actor has a focus on spreading harmful Chrome extensions to eavesdrop on sensitive information, according to the company, who described the threat as consistent.
The attacker changed his tactic at the end of November 2024 from distributing his own malignant Chrome extensions via bogus websites to compromising genuine Chrome extensions through phishing emails, harmful OAuth applications, and malicious code injection into jeopardized Chrome extensions.
Found this post interesting? To read more unique information we post, follow us on and Twitter.