May 13

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks.

Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise," the company said.

The feature, it added, was developed in partnership with Amnesty International and Reporters Without Borders. According to a help document shared by Google, it logs device and network activities on a daily basis, including information about device behavior and the various applications that run on it.

Google also noted that the log data is end-to-end encrypted by the device and stored on Google servers. The encryption keys are secured by the Google Account password and screen lock credentials, meaning that no one other than the device owner, Google included, can access the logs.

"By storing the data on a secure server, even malware installed on the smartphone cannot access, delete, or manipulate it," Reporters Without Borders said. "End-to-end encryption also ensures that neither Google nor state actors can access the data. The Intrusion Logging function in particular enables detection and forensic analysis of even highly sophisticated and previously difficult-to-detect attacks."

The encrypted logs are stored for a period of 12 months, after which they are automatically wiped. Once Intrusion Logging is enabled, a user cannot delete the logs before the 12-month expiration window, even if the account is closed or the feature is turned off. Users have the option to download the logs offline, should they prefer to keep them for longer periods.

That said, Google has emphasized that once the logs are downloaded and decrypted, users are responsible for their security. "In certain legal or regulatory environments, you may be required by law to provide access to your decrypted data or your security credentials," it pointed out.

Another thing to keep in mind when enabling the feature is that it also records network events generated during Chrome Incognito browsing, such as DNS lookups and IP connections, as it operates at the system level and does not distinguish between the browsing modes. In other words, anybody with access to the decrypted logs can glean what websites were visited, but cannot infer specific pages on those sites.

The motivation behind Intrusion Logging is that a high-risk individual, who suspects they may have been targeted by advanced surveillance tools because of who they are and what they do, can share the activity log with trusted security experts for detailed examination.

The logs can be downloaded by navigating to the Settings app, and then tapping Security & privacy -> Advanced Protection -> Intrusion Logging -> Access logs. The feature is currently rolling out to all devices running the Android 16 December update and newer.
