Android 17’s verified financial calls feature ends calls impersonating your bank before you hear a word. Announced by Eugene Liderman, Director of Android Security and Privacy at Google, the feature works by checking with your bank’s app in real time whether an incoming call is legitimate. If the bank cannot confirm it, the call ends automatically. Google and EUROPOL data estimate call spoofing causes $980 million in annual losses globally.
The feature works on Android 11 and above, not just on Pixel devices. The initial banking partners are Revolut, Itaú, and Nubank, with more institutions joining through the rest of 2026.
TL;DR: Android 17 verified financial calls runs on Android 11 and above and silently checks with your bank’s app whether an incoming call is real. It ends the call automatically if verification fails. Revolut, Itaú, and Nubank are in first, with more banks coming. The update also brings expanded Live Threat Detection, biometric Mark as Lost protection, SMS OTP delays, and tighter PIN attempt limits.
How Android 17 verified financial calls work on your phone
Verified financial calls activates in the background when your phone receives a call appearing to come from a participating bank or financial institution. Android contacts the bank’s app and asks whether the institution is actually placing that call at that moment.
If the app cannot confirm it, the system ends the call. Banks can also designate certain numbers as inbound-only, meaning they never call customers from those lines. Calls from those numbers are ended immediately, without even querying the app.
Having the bank’s app installed and being signed in is the only requirement on your end. There is no toggle to enable, no notification to respond to. The protection is active automatically for every participating institution where that condition is met.
The mechanism differs from existing spam call warnings, which rely on pattern recognition and number reputation databases. Verified financial calls asks the institution directly for a real-time confirmation rather than matching the number against a list of known bad actors.
The spoofing problem this is designed to fix
Call spoofing uses internet-based calling systems to replace the outgoing caller ID with any number the attacker chooses. Your screen shows your bank’s real name. The call looks exactly like one you would want to answer.
Before verified financial calls, no system at the OS level could automatically distinguish a spoofed call from a real one. The only protection available was your own judgment: does the request sound unusual, should you hang up and call the number printed on your card. That call is harder to make correctly when the voice on the line sounds professional and the urgency feels real.
EUROPOL data cited by Google estimates the practice costs consumers $980 million each year globally. The financial impact is not evenly distributed. Scammers target people less familiar with how banks typically communicate, and they time calls to amplify pressure. A call claiming your account is compromised, displayed under your bank’s verified name, is harder to dismiss than an unknown number.
What the rest of Android 17’s security update changes on your device
Verified financial calls is the headline addition, but the Android 17 update ships several other security changes that apply across all eligible devices.
Live Threat Detection, Google’s on-device AI security scanner, now flags apps that forward your SMS messages to a secondary number. That pattern is a common early step in SIM swap and account takeover attacks, where malware intercepts verification codes before you see them. The feature also detects accessibility overlay abuse, where an app places invisible content on your screen to trick you into tapping something you did not intend to tap.
Mark as Lost in Find Hub gains a biometric requirement. Previously, a thief who had your passcode could disable device tracking after you marked the phone lost. Android 17 requires a fingerprint or face unlock to access the device in lost mode even if the correct PIN is entered. Theft protection is now enabled by default on all new Android 17 devices and on any device freshly reset or upgraded to Android 17.
SMS one-time passwords are hidden from most apps for three hours after arrival, closing the window for malware to intercept codes while they are still valid. The OS also limits consecutive failed PIN attempts and extends the wait time between each failure.
| Feature | Minimum Android | Requirement | Status |
|---|---|---|---|
| Verified financial calls | Android 11+ | Bank app installed and signed in | Active: Revolut, Itaú, Nubank |
| Live Threat Detection (expanded) | Android 17 | Automatic | Rolling out now |
| Mark as Lost biometric | Android 17 | Automatic via Find Hub | Rolling out now |
| OTP 3-hour delay | Android 17 | Automatic | Rolling out now |
| PIN attempt limits | Android 17 | Automatic | Rolling out now |
What these features actually require from you
Verified financial calls requires Android 11 or higher with a participating bank’s app installed and your account signed in. Revolut, Itaú, and Nubank users already have the protection active. For other institutions, availability depends on when their bank joins the program. Google has confirmed expansion through 2026 but has not published a schedule of upcoming additions.
The Mark as Lost biometric layer, expanded Live Threat Detection, OTP delays, and PIN attempt limits all come with the Android 17 update itself. For Pixel 6 and above, that is rolling out now as a standard over-the-air update. For Samsung devices, the equivalent security package arrives with One UI 9 on Samsung in Q3 2026.
None of these features require configuration after the update installs. Verified financial calls works automatically through your bank’s app. Every other security change runs at the system level without setup. If your phone is on Android 11 or above and your bank is in the program, the protection is already running.
