
"Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said. The feature, it added, was developed in partnership with Amnesty International and Reporters Without Borders. According to a help document shared by Google, it logs device and network activities on a daily basis, including information about device behavior and the various applications that run on it."
"The kinds of activities recorded are listed below -
- App activity (e.g., when an app process starts)
- App installations, updates, and uninstalls
- Network connections like starting and stopping Wi-Fi, Bluetooth, DNS lookups, and IP addresses
- File transfers to or from the device over USB
- Changes to system certificates
- When the device is locked or unlocked"
"Google also noted that the log data is end-to-end encrypted by the device and stored on Google servers. The encryption keys are secured by Google Account password and screen lock credentials, meaning the logs cannot be accessed by any third party, including Google itself, apart from the device owner. “By storing the data on a secure server, even malware installed on the smartphone cannot access, delete, or manipulate it,” Reporters Without Borders said."
"“End-to-end encryption also ensures that neither Google nor state actors can access the data. The Intrusion Logging function in particular enables detection and forensic analysis of even highly sophisticated and previously difficult-to-detect attacks.” The encrypted logs are stored for a period of 12 months, after which they are automatically wiped. Once Intrusion Logging is enabled, a user cannot delete the logs before the 12-month expiration window, even if th"
Intrusion Logging is an opt-in Android capability available under Advanced Protection Mode for persistent, privacy-preserving forensic logging. It records device and network activity on a daily basis, including app process starts, app installations, updates, and uninstalls, network connections such as Wi-Fi and Bluetooth activity, DNS lookups and IP addresses, USB file transfers, system certificate changes, and device lock or unlock events. Log data is end-to-end encrypted on the device and stored on Google servers. Encryption keys are protected by the Google Account password and screen lock credentials, so no third party, including Google, can access the logs; only the device owner can. Because the logs are held on a server rather than on the phone, Reporters Without Borders said, even malware installed on the device cannot access, delete, or manipulate them. Encrypted logs are retained for 12 months and then automatically wiped, and once the feature is enabled users cannot delete them before expiration.
#android-security #forensic-logging #privacy-preserving-encryption #spyware-detection #advanced-protection-mode
Read at The Hacker News