How Google's Find Hub could use Android 16's Secure Lock to protect your sensitive data
TL;DR Android 16 introduces a 'Secure Lock' feature that enhances the security of remotely locking a lost device.
Secure Lock restricts access to notifications, Quick Settings, widgets, and the digital assistant and requires both the screen lock credential and biometrics to unlock the phone.
While not yet active, we expect this feature to be integrated into Find Hub, automatically boosting the protection of its 'secure device' option.
If you lose your Android phone and are worried about leaking your sensitive data, you can use Google's Find Hub service to remotely lock it down or factory reset it. A factory reset is the most secure choice since it wipes all your data, but it comes with a major downside: you can no longer track the phone. Remotely locking it, on the other hand, allows you to keep tracking it but doesn't completely secure the device. That security gap may soon be a thing of the past, however, thanks to a new Secure Lock feature introduced in the latest Android 16 update.
You're reading an Authority Insights story. Discover Authority Insights for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won't find anywhere else.
When you mark your device as lost or use the 'secure device' option in Find Hub, the service locks it, requiring your PIN, pattern, or password to get in. It also signs you out of your Google Account, removes payment cards from Google Wallet, and can display a custom message on the lock screen.
Locating a device on Google's Find Hub website
Remotely securing a device via Google's Find Hub website
However, this standard lock leaves several features accessible to anyone who picks up your phone. They can still pull down the Quick Settings panel, view lock screen widgets, access the digital assistant, and see the notification panel (though the notification content itself is hidden). While these don't expose your most sensitive data, they create potential security gaps that are better off sealed.
That's what Android 16's new Secure Lock feature is designed to do. It not only restricts access to the aforementioned features but also enhances the lock screen by forcing multi-factor authentication for device entry. This means a thief would need to know your screen lock (your PIN, pattern, and password) and spoof your biometric data to gain access; one without the other won't be enough. This makes Secure Lock significantly more robust than Identity Check, an existing feature that requires only biometric authentication when your device is away from a trusted location.
When I first revealed that Google was working on the Secure Lock feature earlier this year, I wasn't sure if the feature would actually launch in Android 16. With the release of Android 16's source code earlier this month, though, I can finally confirm the feature is part of the update and share more details about how it works.
For starters, here's how Google describes Android 16's new Secure Lock feature:
'Secure Lock is a new feature that enables users to remotely lock down their mobile device via authorized clients into an enhanced security state, which restricts access to sensitive data (app notifications, widgets, quick settings, assistant, etc) and requires both credential and biometric authentication for device entry.'
Secure Lock can be enabled by privileged system apps with the new MANAGE_SECURE_LOCK_DEVICE permission. These apps can then use the new AuthenticationPolicyManager API to activate the mode. Google describes this API as a 'centralized interface for managing authentication related policies on the device,' adding that it includes 'device locking capabilities' designed to protect Android users in ''at risk' environments.'
When enabling or disabling Secure Lock on a device, a custom message can be shown on the lock screen. If no message is provided, the system will show a default message such as 'Device is securely locked remotely' if Secure Lock has been enabled or 'Secure lock mode has been disabled' if it's been disabled.
Mishaal Rahman / Android Authority
Google's Find Hub can display a custom message on top of the lock screen after remotely securing it.
While it's not in use yet, we have some evidence suggesting that Google will soon implement this feature. Recent versions of the Google Play Services app already include the MANAGE_SECURE_LOCK_DEVICE permission. Since Google's Find Hub service is part of Play Services, it's the clear candidate to use Secure Lock, even if we don't know the exact custom message it will display on the lock screen.
Google could also incorporate Secure Lock into Android's enterprise controls, though this is less likely. The AuthenticationPolicyManager API's description states it is 'not related to enterprise control surfaces and does not offer additional administrative controls,' suggesting it won't be a tool for securing lost corporate devices. That's why we think the Secure Lock feature will be used to silently boost the efficacy of Find Hub's 'secure device' button. We won't know for sure until Google actually deploys it, though.
Got a tip? Talk to us! Email our staff at
Email our staff at news@androidauthority.com . You can stay anonymous or get credit for the info, it's your choice.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
18 minutes ago
- Yahoo
5 Ways Trump Signing the GENIUS Act Could Impact Retirees
On July 18, President Trump signed the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act into law. Read More: Consider This: The GENIUS Act established regulations for stablecoins: cryptocurrencies pegged to 'stable' assets such as the U.S. dollar. It specified 'permitted payment stablecoin issuers' including both banks and nonbank entities. The law also clarified reserve requirements — the underlying assets held in reserve by the issuer to back the stablecoins, such as U.S. dollars or Treasury bills. So, how might the GENIUS Act impact retirees? Potential for Yield Some stablecoins are designed to generate a yield, despite being spendable like cash. That yield could come from the underlying reserve asset, or from lending out the underlying asset. 'For retirees, stablecoins could offer higher-yielding, low-volatility cash instruments,' explained David Materazzi, CEO of Galileo FX. 'In effect, owners could get the performance of a money market fund with something as spendable as cash. That makes holding liquidity more rewarding without increasing exposure to risk assets.' I Asked ChatGPT What Trump's 'Big Beautiful Bill' Means for Retirees' Taxes: Faster and Cheaper International Payments Owners can transfer stablecoins internationally for pennies, and near-instant speeds. That could make life far easier for family members to support one another across borders and currencies. Magnus Larsson, founder of fintech company MAJORITY, sees huge advantages for international transfers. 'Stablecoins, when properly backed and transparent, offer a more efficient way to move money globally without the delays and fees traditional systems impose, transforming money movement much like VoIP transformed telecom.' Estate Planning Through Smart Contracts Cryptocurrencies allow for smart contracts, in which the owner can set up self-executing orders within the blockchain technology. In other words, owners can set up automated transfers within the cryptocurrency itself — without needing a human intermediary such as a trustee. 'Smart contracts allow more transparent and controlled gifting, even from beyond the grave,' noted financial planner Christina Lynn of Mariner Wealth Advisors. 'While this remains speculative, regulated stablecoins could someday support innovative estate planning tools that automate distributions to beneficiaries and reduce traditional trust administration costs.' High Transparency Means No Privacy Blockchain technology stores every transaction in its history. That transparency is useful, but it also makes the owner's spending public. 'Every transaction becomes traceable, timestamped and stored,' observed Materazzi. 'Retirees used to cash will lose financial privacy entirely. If stablecoins become the default for Social Security or Medicare reimbursements, then spending data becomes a public-private asset.' Risk of Platform Failure Nonbank entities can now issue stablecoins — without being FDIC-insured. Crypto exchanges have failed in the past, or suffered theft. Remember the Mt. Gox heist in 2014? Hackers made off with 850,000 Bitcoins — worth over $100 billion today. Retirement planning counselor Jake Falcon of Falcon Wealth Advisors sees huge risk among issuers. 'Without FDIC insurance or SIPC protections, losses could be permanent,' he said. 'Allowing nonbank entities to issue digital currencies without uniform oversight could echo the 19th-century wildcat banking era, where unregulated banks issued their own notes, often leading to collapse.' Stablecoins offer both opportunities and risks to retirees. Proceed with caution after speaking with your financial advisor. More From GOBankingRates Mark Cuban Warns of 'Red Rural Recession' -- 4 States That Could Get Hit Hard Here's the Minimum Salary Required To Be Considered Upper Class in 2025 Mark Cuban Tells Americans To Stock Up on Consumables as Trump's Tariffs Hit -- Here's What To Buy This article originally appeared on 5 Ways Trump Signing the GENIUS Act Could Impact Retirees Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
18 minutes ago
- Yahoo
A New Email Scam Is Shockingly Realistic, Here's Everything You Need To Know About Protecting Yourself
An email hits your inbox from an unknown sender that includes a picture of your house and address, followed by a threat: 'Don't even try to hide from this. You have no idea what I'm capable of….I've got footage of you doing embarrassing things in your house (nice setup, by the way).' Sounds like a scene out of a horror film, right? Instead, it's one of the latest phishing scams. Like many other email and text scams, this particular extortion scheme uses specific personal information to deceive people into sending money. The email convinces people the hacker knows more about them and that they must exchange payment or Bitcoin in order to keep their information safe. 'I received a PDF over email that included my address and photo of the address and made outrageous claims about my private behavior, and claimed to have video documentation captured from spyware on my computer,' Jamie Beckland, a chief product officer at the tech company APIContext, told HuffPost. 'The scammer threatened to release the video if I didn't pay them via Bitcoin.' If you get a similar email, here are the steps you can take to figure out if it's a scam so you protect yourself: Confirm the house and street imagery on Google Maps. Related: Many phishing emails are often riddled with grammatical errors and poor formatting, which make them easier to identify. However, this scam, which includes images of people's homes, is a newer, darker twist. You might be asking yourself, how exactly was the scammer able to identify your house address? According to Al Iverson, a cyber expert and industry research and community engagement lead at the software company Valimail, the sender likely found your address from a prior data breach that leaked personal data, and then used a Google Maps photo to put together an email. Beckland was able to confirm this is a scam by comparing the image in the PDF to the Google Maps street view of his house. Most images in these scams are pulled from online sources, so he recommends that people check to see if the image was copied from the internet. If so, it's clearly not legitimate. Examine the email address and check for legitimacy. Related: Iverson recommended checking the email address' legitimacy whenever you receive any correspondence from unknown users. 'Check whether the sender's email domain matches the official organization's website,' he said as one example. 'Also, if using Gmail, look for 'show original message' and review SPF, DKIM, and DMARC results.' These are essentially methods that verify the emailer's domain to prevent spam, phishing attacks and other email security risks. To do this, click on the three-dot hamburger menu at the top right of your email and click 'Show Original.' 'All three should ideally pass authentication checks,' Iverson said. In other words, it would say 'PASS' next to all three options. Scammers have become very sophisticated when masking domains. As a result, beware of 'lookalike' domains with slight spelling variations. According to Iverson, if something seems too good (or too bad) to be true, it probably is. Another thing to keep an eye out for is if a scammer sends a message 'from' your own email address. Oftentimes, they are just spoofing your email address in the 'from' address header. 'These scammers don't have the time or ability to actually hack into your email accounts. They haven't found some secret treasure trove of compromising photos. They're just trying to scare unsuspecting people into coughing up money (or Bitcoin),' Iverson added. Don't click unfamiliar links, especially related to payments. If an email seems legitimate, you might accidentally click on the links it contains for more information. Zarik Megerdichian, founder of Loop8, a company that protects personal data and privacy from data breaches and hackers, strongly cautions against this. 'Exercise caution any time you're asked to click on a link in an email,' Megerdichian said. 'Bitcoin transactions are irreversible, as are many other common payment methods including Cash App and Zelle.' Further, scams that demand remuneration should be reported to the Federal Trade Commission by filing a report online or via phone. Megerdichian also noted that if a hacker has obtained details about your financials, monitor your bank accounts closely and dispute fraudulent charges with your bank, cancel your cards and preventatively stop future charges. Update and change your passwords. Related: It's also highly advisable when confronted with an elaborate scam to change all of your passwords. According to Yashin Manraj, CEO of Pvotal Technologies, a company that creates secure tech infrastructures for businesses, it's important to protect your data right away if you suspect it's been compromised. 'Use a new email address if possible and move critical financial or utilities to it, and then start reporting the case to the local police, the FBI and making sure your family is aware of the potential threat of a public shaming in the unlikely event that they did manage to steal some compromising data,' Manraj said. Do not engage with the scammer. Related: It might feel tempting to respond to an email (especially ones that seem very realistic) to negotiate with the scammer. However, Manraj recommends disengaging and ignoring these emails because responding can actually place you on call logs and target databases that will make you vulnerable to further attacks. It's also advisable to isolate your home network via a separate Wi-Fi or router, using a VPN to connect to the internet. Most importantly, do not ask for specific help on public forums, especially when uploading logs or error messages. 'Be especially careful when using virtual numbers and password managers on unpopular websites to avoid reusing personally identified information that could be used to access your important financial services,' Manraj explained. Finally, be mindful about what data you are sharing in the future. Users should remember that data is a commodity, and businesses today collect too much information (often more than they need to complete the transaction at hand). When signing up for new websites or downloading apps, Megerdichian suggests avoiding oversharing. 'Always ask yourself, do they really need to know that? It's up to consumers to be proactive when it comes to their personal data,' Megerdichian article originally appeared on HuffPost. Also in Goodful: Also in Goodful: Also in Goodful:
Yahoo
an hour ago
- Yahoo
Brief Video Explores How Elon Musk's Starlink Could Reshape the Future of Global Communications
Baltimore, MD, Aug. 03, 2025 (GLOBE NEWSWIRE) -- James Altucher examines how Elon Musk's Starlink network could permanently alter the telecommunications landscape and set the stage for a new era of global connectivity. 'Fifty years from now, people may remember it as one of the greatest innovations of the 21st century,' Altucher says in the presentation. 'An innovation which could be bigger than Tesla or anything else Elon has done before.' A Threat to Legacy Telecom Giants The brief presentation outlines how Starlink's satellite-based system bypasses traditional infrastructure, a move that could disrupt the $2.18 trillion telecom industry. 'For consumers like you and I, Elon's Starlink is a godsend… for the $2.18 trillion telecom industry, it's their worst nightmare,' the presentation states. Altucher points to existing providers' high costs and slow speeds compared to global peers as evidence of an industry vulnerable to disruption. Connecting the Remaining Third of the World Starlink's impact extends beyond urban markets, with Altucher highlighting the 2.9 billion people currently without internet access. 'By connecting these people – many of whom live in rural areas – to the world wide web, it could help unlock an incredible amount of additional economic value,' Altucher explains. He argues that this mass inclusion could trigger a wave of innovation and commerce in previously disconnected regions. Redefining How We Live and Work Altucher's presentation describes Starlink's potential to reshape not just business, but daily life. 'This technology is set to change how we shop… how we travel… how we conduct business… down to a personal level, too… changing how we interact with our friends and family,' he notes. By enabling seamless high-speed connectivity anywhere, he predicts a future where distance is no longer a barrier to opportunity or communication. August 13 as a Turning Point? According to Altucher, several developments point to August 13, 2025, as a possible milestone date for the network's trajectory. 'This elite meeting makes it the perfect place for Elon to take the stage… and announce to the world that he's spinning off Starlink from SpaceX,' Altucher predicts of the upcoming industry gathering. About James Altucher James Altucher is a technology entrepreneur, venture capitalist, and Wall Street Journal bestselling author recognized for spotting transformative innovations before they hit the mainstream. CNBC has called him 'one of the best venture capitalists, angel investors, and tech entrepreneurs in the world.' He has been an early supporter of companies that changed entire industries and is the founder of Altucher's Investment Network and the host of , downloaded more than 40 million times worldwide. CONTACT: Derek Warren Public Relations Manager Paradigm Press Group Email: dwarren@ in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
