--- source: newsletter source_url: https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/ tags: [cyberscoop] review_value: 9 review_confidence: 8 review_recommendation: strong review_stars: 5 ingested: 2026-05-15 sha256: 02c670c4b12bb451e4b80c33f1eddb70bb819e8a83aaf58ae4f5e0f292c15cfc --- # Google and Amnesty International teamed up to make it harder for spyware vendors to hide Published Time: 2026-05-12T17:00:00Z Markdown Content: # Google and Amnesty International teamed up to make it harder for spyware vendors to hide | CyberScoop [Skip to main content](https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/#main) Advertisement * [CyberScoop](https://cyberscoop.com/) * [AIScoop](https://aiscoop.com/) * [FedScoop](https://www.fedscoop.com/) * [DefenseScoop](https://defensescoop.com/) * [StateScoop](https://statescoop.com/) * [EdScoop](https://edscoop.com/) [Advertise](https://scoopnewsgroup.com/oursolutions/)Search Close Search for: Search [![Image 1: CyberScoop](https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/logo-cyber.svg)](https://cyberscoop.com/) Open navigation * [Topics](https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/) Back * [AI](https://cyberscoop.com/news/ai/) * [Cybercrime](https://cyberscoop.com/news/threats/cybercrime/) * [Commentary](https://cyberscoop.com/news/commentary/) * [Financial](https://cyberscoop.com/news/financial/) * [Government](https://cyberscoop.com/news/government/) * [Policy](https://cyberscoop.com/news/policy/) * [Privacy](https://cyberscoop.com/news/privacy/) * [Technology](https://cyberscoop.com/news/technology/) * [Threats](https://cyberscoop.com/news/threats/) * [Research](https://cyberscoop.com/news/research/) * [Workforce](https://cyberscoop.com/news/workforce/) * [Special Reports](https://cyberscoop.com/specials/) * [Events](https://cyberscoop.com/attend) * [Podcasts](https://cyberscoop.com/listen/) * [Videos](https://cyberscoop.com/watch/) * [Insights](https://cyberscoop.com/insights/) * [CyberScoop 50](https://cyberscoop.com/cyberscoop50/vote/) Switch Site * [CyberScoop](https://cyberscoop.com/) * [AIScoop](https://aiscoop.com/) * [FedScoop](https://www.fedscoop.com/) * [DefenseScoop](https://defensescoop.com/) * [StateScoop](https://statescoop.com/) * [EdScoop](https://edscoop.com/) [Subscribe](https://cyberscoop.com/subscribe/) Advertisement Subscribe to our daily newsletter. [Subscribe](https://cyberscoop.com/subscribe) Close * [Technology](https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/) Intrusion Logging marks the first feature from a major device vendor to aid with forensic detection of sophisticated threats, Amnesty International said. **By**[Tim Starks](https://cyberscoop.com/author/tim-starkscyberscoop-com/ "Tim Starks") May 12, 2026 ![Audio 1](https://wp-tts-cdn.api.scpnewsgrp.com/cyberscoop/88963/english.openai.mp3) [](https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/#) Listen to this article 0:00 Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. ![Image 2](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/GettyImages-2166653835-1.jpg?w=1002) Google has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it out on Pixel devices. (Getty Images) Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since [last year](https://arstechnica.com/security/2025/05/google-introduces-advanced-protection-mode-for-its-most-at-risk-android-users/), and has now begun rolling it out. “The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices,” Amnesty International said in a Tuesday [technical briefing](https://securitylab.amnesty.org/latest/2026/05/android-intrusion-logging-as-a-new-source-of-data-for-consensual-forensic-analysis/). “This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.” To date, independent investigators have relied on records and often short-lived log files that weren’t meant for forensic use, and Amnesty said surveillance groups have grown increasingly aware of those forensic efforts. Intrusion Logging, a feature of [Android Advanced Protection](https://cyberscoop.com/google-android-16-security-features-update-scam-protection-advanced/) Mode, is designed specifically to keep track of possible intrusions for forensic purposes. It keeps records of security incidents like device unlocking, physical access and spyware installation and removal. Advertisement Google’s [annual security and privacy update](https://blog.google/security/whats-new-in-android-security-privacy-2026/) for Android phones mentions the feature and its development with Amnesty International, Reporters Without Borders and others. It also touts new protections against banking scam calls, other features for detecting suspicious activity on Android phones, additional privacy safeguards and more. The firm has been working on the feature since announcing it last year. “Intrusion Logging enables persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” wrote Eugene Liderman, director of Android security and privacy. Intrusion Logging joins an [expanding slate of features](https://cyberscoop.com/whatsapp-strict-account-settings-lockdown-style-spyware-protection/) from tech companies to fight sophisticated attacks like those from commercial spyware, among them Apple’s Lockdown Mode and [Memory Integrity Enforcement](https://cyberscoop.com/apple-memory-integrity-enforcement-iphone-ios-anti-spyware/) and WhatsApp’s Strict Account Settings. Intrusion Logging “promises to help shift the balance to the advantage of defenders, providing civil society investigators with the key evidence needed to detect and expose some of the most advanced attacks facing journalists and activists,” said Donncha Ó Cearbhaill, head of the Amnesty International Security Lab, “With Intrusion Logging Google is the first major vendor to proactively address to challenge of detecting advanced attacks on device. By making more consensual forensic data available for researchers, we can make life more difficult for attackers and help civil society seek accountability when their devices are unlawfully targeted by spyware and mobile data extraction tools.” Advertisement The feature has some limitations, though, Amnesty said in its technical briefing. It requires Android 16 and is only available for now on Pixel devices; the device has to be linked to a Google account, and the logs may include sensitive information, like browser navigation history, so secure sharing of the logs is important. The logs may also be deletable by attackers, Ó Cearbhaill told CyberScoop, but he said he understands there are plans to strengthen protections against that in future versions. And lots of attacks would be detectable in the logs where attackers wouldn’t necessarily have the root access needed to try to delete logs, he said. To enable Intrusion Logging, users need to be using Android Advanced Protection Mode, and can find the feature at Settings > Security & privacy > Advanced Protection > Intrusion Logging. If users suspect some kind of security incident, they’ll need to export and share the logs with a forensic analyst. ![Image 3: Tim Starks](https://cyberscoop.com/wp-content/uploads/sites/3/2024/03/Tim-Starks-01.jpg?w=150&h=150&crop=1) #### Written by Tim Starks Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he's covered cybersecurity since 2003. Email Tim here: [tim.starks@cyberscoop.com](mailto:tim.starks@cyberscoop.com). #### In This Story * [Amnesty International](https://cyberscoop.com/tag/amnesty-international/) * [Android](https://cyberscoop.com/tag/android/) * [Apple](https://cyberscoop.com/tag/apple/) * [Donncha Ó Cearbhaill](https://cyberscoop.com/tag/donncha-o-cearbhaill/) * [Google](https://cyberscoop.com/tag/google/) * [Pixel](https://cyberscoop.com/tag/pixel/) * [Reporters Without Borders](https://cyberscoop.com/tag/reporters-without-borders/) * [spyware](https://cyberscoop.com/tag/spyware/) * [surveillance](https://cyberscoop.com/tag/surveillance/) * [WhatsApp](https://cyberscoop.com/tag/whatsapp/) Share * [Facebook](https://www.facebook.com/sharer/sharer.php?u=https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/) * [LinkedIn](https://www.linkedin.com/cws/share?url=https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/) * [Twitter](https://twitter.com/intent/tweet?url=https://cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/) * Copy Link Advertisement Advertisement ## More Like This 1. ### [Major world economies spell out key elements of AI ‘ingredients list’](https://cyberscoop.com/g7-cisa-ai-sbom-security-guidance/) By [Tim Starks](https://cyberscoop.com/author/tim-starkscyberscoop-com/) 2. ### [Instructure claims hackers returned stolen Canvas data after an extortion standoff](https://cyberscoop.com/canvas-instructure-data-theft-extortion-the-com/) By [Matt Kapko](https://cyberscoop.com/author/matt-kapko/) 3. ### [Major tech manufacturer Foxconn confirms cyberattack hit North American factories](https://cyberscoop.com/foxconn-cyberattack-disrupts-north-america-factories/) By [Matt Kapko](https://cyberscoop.com/author/matt-kapko/) Advertisement ## Top Stories 1. ### [Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks](https://cyberscoop.com/house-homeland-security-briefing-anthropic-mythos-cyber-risks/) By [Tim Starks](https://cyberscoop.com/author/tim-starkscyberscoop-com/) 2. ### [Researchers say AI just broke every benchmark for autonomous cyber capability](https://cyberscoop.com/ai-autonomous-cyber-capability-benchmarks-broken-gpt5-claude-mythos/) By [Greg Otto](https://cyberscoop.com/author/greg-otto/) Advertisement ## More Scoops [![Image 4](https://cyberscoop.com/wp-content/uploads/sites/3/2024/12/GettyImages-2188891133.jpg?w=506)](https://cyberscoop.com/amnesty-international-exposes-serbian-polices-use-of-spyware-on-journalists-activists/) Students, behind a banner reading “15 minutes for 15 lives,” block a street in Belgrade on Dec. 12, standing in silence to honor the 15 victims of the tragedy that occurred at the railway station in Novi Sad in November. (Photo by Andrej ISAKOVIC / AFP) ### [Amnesty International exposes Serbian police’s use of spyware on journalists, activists](https://cyberscoop.com/amnesty-international-exposes-serbian-polices-use-of-spyware-on-journalists-activists/) The comprehensive report showed how Serbian law enforcement combined Cellebrite’s tech with a novel Android-focused spyware program. By [Tim Starks](https://cyberscoop.com/author/tim-starkscyberscoop-com/) ## Latest Podcasts ![Image 5](https://cyberscoop.com/wp-content/uploads/sites/3/2026/03/SafeMode-Guest_thumbnail-31.png?w=300) #### [When iPhone exploits turn into commodities](https://cyberscoop.com/radio/criminal-groups-and-opportunistic-attackers-will-operationalize-it-against-the-enormous-population-of-out-of-date-ios-devices/) ![Image 6](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/SafeMode-Guest_thumbnail-39.png?w=300) #### [Why access brokers have stubbornly remained successful](https://cyberscoop.com/radio/current-landscape-of-initial-access-brokers-and-how-their-tactics-continue-to-support-ransomware-operations/) ![Image 7](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/FSU.jpeg?w=300) #### [Family of FSU shooting victim sues OpenAI Foundation for negligence, lack of safety guardrails](https://cyberscoop.com/radio/openai-chatgpt-safety-guardrails-family-lawsuit-fsu-shooting/) ![Image 8](https://cyberscoop.com/wp-content/uploads/sites/3/2026/05/SafeMode-Guest_thumbnail-38.png?w=300) #### [Can you prove which agent did what?](https://cyberscoop.com/radio/greg-otto-talks-with-howard-ting-ceo-of-opal-security-about-the-growing-security-challenges-created-by-ai-agents/) ### Government * [DOJ releases legal rationale for nationwide voter data collection](https://cyberscoop.com/federal-voter-data-collection-doj-legal-memo/) * [Trump officials are steering a cybersecurity scholarship program toward AI](https://cyberscoop.com/sfs-scholarship-program-trump-administration-ai-shift/) * [One House Democrat is pressing Commerce on the government’s spyware use](https://cyberscoop.com/democrat-summer-lee-letter-briefing-nso-group-spyware-trump/) * [A DOD contractor’s API flaw exposed military course data and service member records](https://cyberscoop.com/schemata-dod-contractor-api-flaw-military-data-exposure/) ### Technology * [Google spotted an AI-developed zero-day before attackers could use it](https://cyberscoop.com/google-threat-intelligence-group-ai-developed-zero-day-exploit/) * [Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI](https://cyberscoop.com/claude-chrome-extension-allows-plugins-to-hijack-ai/) * [A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory](https://cyberscoop.com/meete-dating-app-lawsuit-geofencing-tiktok-misappropriation/) * [US government, allies publish guidance on how to safely deploy AI agents](https://cyberscoop.com/cisa-nsa-five-eyes-guidance-secure-deployment-ai-agents/) ### Threats * [‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack](https://cyberscoop.com/mini-shai-hulud-supply-chain-malware-attack/) * [Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical](https://cyberscoop.com/microsoft-patch-tuesday-may-2026/) * [Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments](https://cyberscoop.com/chuck-schumer-seeks-dhs-plan-on-ai-cyber-coordination-with-state-local-governments/) * [Ivanti customers confront yet another actively exploited zero-day](https://cyberscoop.com/ivanti-epmm-zero-day-vulnerability-exploited/) ### Policy * [FCC tightens KYC rules for telecoms, closes loophole for banned foreign services](https://cyberscoop.com/fcc-know-your-customer-supply-chain-security-rules/) * [Congress kicks the can down the road on surveillance law (again)](https://cyberscoop.com/congress-extends-section-702-surveillance-45-days/) * [Congress, industry ponder government posture for protecting data centers](https://cyberscoop.com/congress-industry-ponder-government-posture-for-protecting-data-centers/) * [Chinese national extradited to US for pandemic-era Silk Typhoon attacks](https://cyberscoop.com/xu-zewei-extradited-china-national-silk-typhoon-hafnium/) Advertisement [![Image 9: Scoop News Group](https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/images/logo-sng.svg)](https://scoopnewsgroup.com/)[About Us](https://cyberscoop.com/about/) * [FedScoop](https://www.fedscoop.com/) * [DefenseScoop](https://defensescoop.com/) * [StateScoop](https://statescoop.com/) * [EdScoop](https://edscoop.com/) * [CyberScoop](https://cyberscoop.com/) * [AIScoop](https://aiscoop.com/) * [Newsletters](https://cyberscoop.com/subscribe) * [Advertise with us](https://scoopnewsgroup.com/oursolutions/) * [Ad specs](https://cdn.fedscoop.com/2025_DigitalAdvertisingSpecs.pdf) * [(202) 887-8001](tel:202208878001) * [hello@cyberscoop.com](mailto:hello@cyberscoop.com) * [FB](https://www.facebook.com/cyberscoop) * [TW](https://twitter.com/cyberscoopnews) * [LinkedIn](https://www.linkedin.com/company/4847467) * [IG](https://www.instagram.com/cyberscoopnews) * [YT](https://www.youtube.com/@cyberscoop_sng) [![Image 10: CyberScoop](https://cyberscoop.com/wp-content/themes/scoopnewsgroup/dist/svg/logo-cyber.svg)](https://cyberscoop.com/) Close Ad Continue to CyberScoop