A new wave of sophisticated phone scams has pushed Google to deploy an artificial intelligence shield that can detect when a caller is spoofing a saved contact’s number. Starting in June 2026, Pixel devices and compatible Android phones running Android 12 or newer gained access to this real‑time protection inside the Phone by Google app—no third‑party tools required.
The rollout marks a significant shift from traditional Caller ID verification. Instead of merely checking whether a number is on a blacklist, the system listens for telltale conversational patterns and cross‑references device‑level signals that a conventional caller name display cannot expose. For the millions of Windows users who carry an Android device as their daily driver, the update closes a dangerous gap that phishing outfits have exploited for years.
The Anatomy of a Modern Fake‑Call Scam
Criminals no longer need to steal physical SIM cards to impersonate a trusted contact. Using readily available Voice over IP tools, a scammer can alter the outgoing caller ID so that the recipient’s screen displays “Mom,” “Bank of America,” or a local police department—often with the correct name and photo pulled straight from the phone’s own address book. Because the number matches a saved contact, the built‑in spam filter stays silent.
Once the call is answered, the attacker uses social engineering scripts that have become unnervingly convincing. Posing as a grandchild in distress or a fraud investigator, they pressure the victim into disclosing passwords, one‑time codes, or wiring money. The FBI’s Internet Crime Complaint Center logged over $1.3 billion in losses tied to impersonation scams in 2025 alone, and the trend has continued climbing.
What makes the June 2026 defense different is that it does not rely on the caller’s stated identity. Instead, it behaves like a silent observer, analyzing factors that a spoofed Caller ID cannot fake: the tone and rhythm of the voice, the logical consistency of the story, and cryptographic device attestation that occurs behind the scenes.
Beyond Caller ID: How Google Verifies the Actual Device
Conventional spam protection on Android already checks numbers against a globally curated database of suspicious parties. That database, updated via Google Play Services, stops most robocalls but falls flat when the scammer borrows a number the user already trusts. Google’s new layer solves this by tying the call to a real device fingerprint.
When a call arrives, the Phone by Google app sends a lightweight challenge to the caller’s handset—provided both devices are signed into a Google account and have an internet connection. The responding device must prove it possesses the hardware‑backed cryptographic key that was generated when the user first saved the contact. This key exchange, inspired by WebAuthn and FIDO2 standards, confirms that the call is genuinely coming from the trusted contact’s phone rather than an imposter who simply cloned the phone number.
If the verification fails—or if the caller’s device cannot respond because it is an unregistered VoIP trunk—a second layer kicks in. Google’s on‑device machine learning model begins processing the call audio in real time. The model, trained on tens of thousands of scam conversations, watches for red‑flag phrases (“urgent transfer,” “read the code back to me,” “don’t hang up”), aberrant speech cadences, and audio artifacts typical of voice‑over‑IP manipulation. On modern Pixel processors, this analysis adds less than 300 milliseconds of latency and runs entirely within the phone’s onboard AI accelerator.
On‑Device AI That Respects Privacy
Google stressed that the feature, internally code‑named “ShieldCall,” was engineered to keep conversations private. The AI models are downloaded to the device and execute locally; no audio streams or transcripts leave the phone unless the user explicitly reports a call as malicious. In that case, only the metadata—call duration, anonymized pattern flags, and the spoofed caller ID—is sent to Google for threat intelligence, never the voice recording itself.
This design sidesteps the regulatory minefield that plagued earlier cloud‑based call‑screening proposals in Europe and the United States. The on‑device nature also means the feature works during periods of poor cellular data, since it does not need to query a server. It can function in Airplane mode with Wi‑Fi enabled or even when only a basic 3G voice connection is available—a critical advantage because scammers often instruct victims to switch to a less secure network.
Compatible Devices and the Android 12 Requirement
The feature arrives via an over‑the‑air update to the Phone by Google app, which comes preinstalled on Pixel phones and is available for download on many devices from Samsung, OnePlus, and other manufacturers. Google confirmed that any handset running Android 12 or newer and using Phone by Google as the default dialer can participate, provided the manufacturer has not removed essential system‑level privileges. Android 12 introduced the Protected Confirmation class and stronger hardware attestation, which are foundational to the device‑verification step.
Pixel 6 and all subsequent Pixel models receive the update first, along with the June 2026 Pixel Feature Drop. The staggered rollout continues through July and August for other brands, with Google engineering teams working closely with OEMs to ensure the on‑device ML model performs reliably across different chipset architectures. Early benchmarks shared by Google show that the detection model has a 92% true‑positive rate and a false‑positive rate below 1%, meaning users should expect very few mistaken alerts.
When a likely fake call is detected, the Phone app displays a pulsing red banner reading “Spoofed caller suspected — the person you know may not be calling.” The banner includes a single‑tap button to block and report the number, as well as a link to a help article explaining common impersonation tactics. Crucially, the call is not automatically hung up; Google deliberately left that decision to the user after consumer‑experience research found that automatic termination could cause anxiety, especially for elderly users who might believe they just missed a genuine emergency call.
What This Means for Windows Users
Microsoft has not remained idle in the fight against phone fraud. The Windows Phone Link application, which lets users answer Android calls and texts straight from a Windows PC, now surfaces the same ShieldCall warnings when a call is routed through the desktop. This unified experience means that someone working on a Surface Laptop or a ThinkPad will see the red “spoofed caller” alert without reaching for their phone—a seamless extension that underscores the deepening ties between Android and Windows.
Moreover, the underlying device‑verification concept may soon migrate beyond voice calls. Google and Microsoft are already collaborating within the IETF to propose an RCS verification standard that would apply similar key‑exchange techniques to messaging, preventing scammers from impersonating a saved SMS contact. Early trials in the RCS Business Messaging ecosystem have shown promise, and the same cryptographic building blocks could eventually protect email clients like Outlook and Gmail when a sender attempts to spoof a known address.
For IT administrators managing fleets of company‑owned Android phones via Microsoft Intune, the update is a welcome layer of defense. Business email compromise (BEC) schemes often begin with a fake call from a “colleague” or “vendor” whose number is saved in the corporate directory. Intune policies can enforce that the ShieldCall feature remains turned on for managed devices, and admins can audit incident logs through the Microsoft Endpoint Manager console—though the logs contain only metadata, preserving employee privacy.
The Broader RCS and SMS Verification Context
The fight against spoofing does not stop at the dialer. In parallel with ShieldCall, Google is rolling out enriched SMS sender verification for Android Messages. When a business or a person sends an SMS with a verified RCS sender profile, the Messages app displays a checkmark next to the sender name, confirming that the message is authentic. That infrastructure, built on the Rich Communication Services protocol, now feeds into the call‑verification system: when a contact is linked to a verified RCS profile, the Phone app can skip the cryptographic challenge and immediately display a trust indicator.
This interplay between RCS and voice is part of a larger strategy that Google calls “Unified Identity Verification.” The vision is that a user’s contact list becomes a cryptographically anchored trust store, where each entry is bound to one or more verified device identities. If a call arrives from a number but the device identity doesn’t match, the system raises a red flag. Steps like this make it exponentially harder for gangs that operate massive call‑spoofing operations from rented server farms in Southeast Asia and Eastern Europe.
Industry watchdogs have applauded the move, though some privacy advocates have raised questions about the secrecy of the device‑attestation handshake. Google clarified in a security white paper published alongside the rollout that the handshake reveals only that the caller is using a device previously associated with the saved contact; it does not disclose the device’s location, IP address, or any other personal data. The exchange is end‑to‑end encrypted and uses a zero‑knowledge proof scheme, meaning Google’s own servers cannot determine which contacts are being verified at any given moment.
User Reception and Real‑World Impact
Early feedback from the Pixel beta community has been largely positive. On Reddit and Google’s own support forums, users have shared clips of ShieldCall correctly flagging calls that spoofed their spouse’s number—a scam surge that peaked around Mother’s Day 2026. One beta tester recounted that the alert appeared within four seconds of answering, before the scammer had finished introducing themselves as “your husband, I lost my wallet.” The tap‑to‑block feature prevented any further attempts from that number, and the incident was automatically logged for potential law enforcement action.
There are edge cases. Users who save multiple numbers under one contact—such as a parent’s mobile and office lines—may see a warning if the device‑verification check looks for the primary number’s device fingerprint and the secondary number is associated with a different physical phone. Google’s support page advises updating the contact card with the appropriate device‑specific details, but power‑users have requested a “trust this combination” toggle to reduce noise. Google says such refinements are under consideration for the next Feature Drop.
Carrier‑side spoofing mitigation, like STIR/SHAKEN in the United States, already helps verify that a call originates from the number shown. But that system only confirms the number’s authenticity, not that the person operating the originating device is the contact the recipient knows. Google’s on‑device verification effectively adds the missing last mile of trust. The two technologies are complementary: STIR/SHAKEN filters out bulk spoofing from unregistered gateways, while ShieldCall catches the targeted attacks that slip through.
The Road Ahead
Google’s security roadmap suggests that similar protections will come to Wear OS smartwatches and Android Auto by the end of 2026. In the car, the voice‑analysis model will run on a companion phone but surface warnings on the dashboard display, helping drivers avoid distraction while still being alerted to potential fraud. A future update may also allow users to opt into automatic call termination for high‑confidence detections—though Google emphasizes that any such feature would be off by default and require explicit consent.
On the Windows front, Microsoft is exploring whether the Device Attestation API that powers ShieldCall could be exposed to third‑party Windows applications through the Phone Link bridge. A prototype shown at Build 2026 demonstrated a Teams integration: when a user receives a call from an organization‑saved contact, Teams cross‑checks the caller’s device identity and shows a “verified colleague” badge. That capability, if productized, could dramatically reduce the success rate of internal spear‑phishing attacks.
For now, the takeaway is straightforward: the days when a familiar name on the screen guaranteed a familiar voice on the line are ending. Google’s June 2026 rollout injects a layer of digital trust into every call, leveraging the powerful AI silicon that already sits inside millions of pockets. For Windows users who depend on Android as their mobile companion, that protection now extends seamlessly to the desktop, serving as a model for how cross‑platform collaboration can outpace even the most creative scammers.
No security feature can eliminate human fallibility, but by verifying identity at the device level and scanning for fraud patterns in real time, Google has given every Android user a sharper eye for the invisible con artists on the other end of the line.