Google is set to enhance the security of Android devices with a new optional feature in Android 16. This innovation allows users to disable USB data access when their phones are locked, providing an additional layer of protection against unauthorized data extraction or lock screen bypasses. The feature ties into the newly introduced Advanced Protection Mode, which blocks new USB peripherals until the device is unlocked and the USB is reinserted. This development caters to individuals who require heightened security measures, such as journalists and activists at risk of targeted hacking attempts.
In recent years, the vulnerability of locked Android devices to USB-based attacks has been increasingly recognized. For example, Amnesty International documented a zero-day exploit involving a USB driver used to infiltrate a student activist's phone in Serbia. Such incidents highlight the necessity for robust security protocols. To address this, Google aims to disable USB data signaling when a device is locked, preventing peripherals from communicating with the system. This can be achieved either through hardware modifications or software controls. While hardware-level changes involve altering USB drivers to cut off data lines entirely, the software approach disables high-level USB support, blocking connections from new peripherals when the device remains locked.
Since the release of Android 12, Google has progressively integrated APIs for disabling USB data signaling at a software level. Initially available for enterprise device management apps, this functionality was expanded in Android 15 to include lockdown mode, which also disables USB data access. Now, with Android 16, the feature is being refined further by integrating it into the Advanced Protection Mode. This mode builds on Google’s existing Advanced Protection Program, offering users comprehensive safeguards against unauthorized access.
Advanced Protection Mode introduces several stringent security measures, including restricting app sideloading permissions, disabling 2G access, enabling Memory Tagging Enforcement (MTE) for compatible apps, and blocking WEP connections. Furthermore, apps can leverage the Advanced Protection Mode API to implement their own security features when a user opts in. Evidence from recent APK teardowns indicates that applications like Phone by Google and Messages will soon support this enhanced security framework.
Recent investigations into Android 16 betas have uncovered strings suggesting that enabling Advanced Protection Mode will disable USB data signaling when the device is locked. These strings emphasize the inability to use new USB devices while the device remains locked and notify users of "suspicious USB activity." Users must unlock their devices and reinsert USB peripherals to establish functionality. Preliminary testing confirms that both USB sticks and keyboards are rejected when the device is locked, only becoming usable after unlocking and reinserting them.
This straightforward security enhancement addresses vulnerabilities highlighted in reports such as those from Amnesty International. By rolling out Advanced Protection Mode, Google empowers users to activate a suite of security features with a single toggle. Such advancements promise to make Android devices more secure for individuals requiring elevated protection levels.