Google Adds Fake-Call Detection to Phone by Google

Google announced a new fake-call detection feature for Phone by Google in a June 2 blog post authored by Eric Lynch, Troy Kensinger, and Oren Schetrit. The blog post describes a verification flow in which a caller's device sends a silent confirmation signal to the recipient's device when both parties use Phone by Google, and a missing confirmation triggers an on-screen warning, as reported by TechCrunch and The Verge. Google is rolling the feature out globally to devices running Android 12 and later this month, starting with Pixel phones, TechCrunch reported. The blog post also states the feature is built on the Rich Communication Services (RCS) standard so other apps and device manufacturers can adopt the technique. The blog cited an INTERPOL estimate of $400 billion in global losses and the FTC estimate of $2.95 billion in U.S. losses in 2024 as background on impersonation fraud, as covered by PYMNTS.

The blog post frames the mechanism as a device-level "digital handshake" that verifies whether a call is actually originating from a contact's device, TechCrunch reported. If the initial confirmation signal is absent, the recipient device can ping the purported caller's registered device to check whether that device is making a call, the blog post explained and TechCrunch summarized. Google built the flow on RCS to enable cross-app and cross-manufacturer adoption, the blog post said.

Industry-pattern observations: App-level verification built on a messaging/telephony standard like RCS addresses attacks that exploit IP-based caller-ID spoofing and AI voice cloning in ways that carrier-centric systems such as STIR/SHAKEN may not fully cover. Companies implementing comparable app-level signals typically trade off broader reach for stronger cryptographic proof; reach depends on how many users and apps participate in the verification exchange. For practitioners, adding a "confirmation signal" introduces a high-signal binary feature that can be incorporated into fraud-detection rules and telemetry, but its coverage will be limited while adoption remains incomplete.

For practitioners: The announcement marks a practical step toward integrating device-origin signals with consumer dialers to reduce successful impersonation scams that combine number spoofing and AI voice cloning. The use of an open standard like RCS increases the potential for ecosystem adoption, which matters for security teams that analyze call metadata and build classifier features. The industry impact will hinge on uptake by third-party dialers, OEMs, and carriers, and on whether attackers adapt by exploiting endpoints or verification flows.

Observers should track wider adoption of the RCS-based verification by other Android OEMs and third-party dialer apps, and whether carriers or standards bodies propose complementary carrier-level attestations. Practitioners should also watch for operational details about privacy and failure modes from Google and others, and for attacker responses such as replay or device-compromise tactics that could try to simulate or suppress confirmation signals. Finally, measureable indicators of effectiveness will include reported scam volumes and consumer complaint rates in jurisdictions covered by the rollout.