Particle.news

Google Rolls Out Android Intrusion Logging to Uncover Spyware Attacks

The opt-in logs give investigators durable clues about suspected spyware intrusions that only the device owner can share.

Overview

  • Intrusion Logging, which Google began rolling out Tuesday, is an opt-in setting inside Android’s Advanced Protection Mode for people at high risk of targeted hacking.
  • The feature records security-relevant events such as device unlocks, app installs or removals, Android Debug Bridge connections used by tools like Cellebrite, network contacts, and attempts to erase related logs.
  • The system creates a log once per day, encrypts it on the device, and stores it in the user’s Google account so only the owner can access or share it with a forensic analyst.
  • Availability is limited at launch to devices on the Android 16 December update or newer, currently Google Pixel phones, with a linked Google account required.
  • Developed with Amnesty International and Reporters Without Borders, the tool earns praise for stronger evidence collection, though partners note the logs may include sensitive browsing data and could be deletable in some cases, with tougher protections planned.