Morning Overview

Google’s Phone app will now warn you when a scammer is spoofing a trusted contact’s number.

Google is rolling out a feature called fake call detection in its Phone by Google app as part of the June 2026 Android update. The tool uses an end-to-end encrypted RCS handshake between devices to verify whether an incoming call actually originates from a trusted contact’s phone, then warns the user if a scammer appears to be spoofing that number. The feature works when both parties use Phone by Google, a requirement that raises questions about how effective it will be against fraud targeting users outside that ecosystem.

Caller ID spoofing meets device-level verification

Scammers have exploited a basic weakness in phone networks for years: caller ID can be faked so that a call appears to come from a bank, a government agency, or even a family member’s number. The Federal Trade Commission warns consumers not to trust caller ID alone because spoofing is cheap, widely available, and difficult for carriers to block at scale. The FCC maintains a separate consumer resource directing victims to file complaints and report spoofing through its unwanted calls portal, underscoring how pervasive the problem has become.

Google’s response targets the problem at the device level rather than the network level. When someone calls a Phone by Google user, the app performs what Google describes as a “digital handshake” over end-to-end encrypted RCS. If the handshake confirms the call is genuinely coming from the contact’s device, the call proceeds normally. If it cannot be verified, or if the caller is spoofing the number, the app surfaces a warning. In its own explanation of the feature, Google says that fake call detection flags suspected spoofed calls when both parties use Phone by Google, making the verification mutual rather than one-sided.

That mutual requirement is the central limitation. The handshake depends on both the caller and the recipient running the same app with RCS enabled. Calls from landlines, older phones, or devices using a different dialer app cannot participate in the verification process. Google has not published documentation explaining what happens in those cases, whether the call simply passes through without a warning or whether the user sees an “unverified” label. The distinction matters because scammers specifically target people who are least likely to have the latest software protections.

What Google’s encrypted handshake can and cannot prove

The June 2026 Android feature page frames the update in direct terms: users can “spot scammers impersonating your contacts” and “get alerts if a scammer appears to call from a number you trust.” Google’s product announcement adds that Phone by Google can now verify whether a call is actually coming from a contact’s device. These are strong claims, and the underlying mechanism, a device-to-device cryptographic check over RCS, is technically sound for the scenario it covers.

The scenario it covers, though, is narrow. The feature protects Android users who have Phone by Google installed and who receive calls from other Android users with the same app. Calls between platforms that do not share Google’s dialer, such as those placed from iPhones or from business VoIP systems, fall outside the verification chain. Even within Android, many manufacturers ship their own dialer apps by default, and users may not switch to Google’s option unless they are aware of the new protection and motivated to change their habits.

Because the system validates the device rather than the person, it also cannot guarantee that the individual on the other end is who the recipient expects. If a contact’s phone is stolen or compromised, a verified handshake would still show the call as authentic. The feature is designed to stop number spoofing, not broader account takeover or social engineering, but that nuance may be lost on users who see a green check mark and assume overall safety.

No independent testing data or detection accuracy metrics have been published. Google has not released false-positive or false-negative rates, and neither the FTC nor the FCC has issued a statement evaluating the feature’s expected impact on spoofing complaint volumes. An Interpol report cited in Google’s announcement highlights rising global financial fraud threats that rely on spoofing tactics, but the report does not assess Google’s specific technical approach or quantify potential reductions in losses.

The absence of third-party evaluation means the feature’s real-world effectiveness is untested at scale. A cryptographic handshake can confirm device identity with high confidence when both endpoints cooperate, but the open question is whether enough endpoints will cooperate to make a measurable dent in spoofing-driven fraud. Until researchers, regulators, or consumer advocates can study outcomes over time, fake call detection remains a promising but unproven layer in a broader anti-scam toolkit.

Gaps in coverage and the scammer adaptation problem

The core tension behind this update is whether partial protection changes scammer behavior or simply redirects it. If fake call detection reliably flags spoofed calls between Phone by Google users, fraudsters have a clear incentive to shift toward targets who do not use the app, or to move to channels where the handshake does not apply. Text-based scams, messaging apps, and email phishing already account for a large share of impersonation fraud, and none of those vectors are addressed by a voice-call verification feature.

Google has not disclosed how the app handles edge cases such as call forwarding, number porting, or dual-SIM devices where a contact’s number might legitimately originate from a different handset. These are common real-world configurations, and without clear documentation on fallback behavior, users may encounter confusing warnings or, worse, develop false confidence that any unwarned call is safe. If the system labels too many legitimate calls as unverified, people may start to ignore the alerts; if it labels too few, scammers will quickly learn which gaps to exploit.

There is also the question of equity in protection. People most vulnerable to phone scams-older adults, recent immigrants, and those with limited technical literacy-are not always the first to install or configure new apps. A solution that requires the latest Android update, RCS support, and a specific dialer may primarily shield more tech-savvy users, while leaving high-risk groups exposed. Unless carriers, platform vendors, and regulators coordinate on broader standards, device-level fixes will remain inherently piecemeal.

What users can do now

For Android users who already have Phone by Google installed, the fake call detection feature arrives automatically through the June 2026 update, with no separate download required. Once it is enabled, the safest way to treat its alerts is as an extra signal, not a definitive verdict. A warning that a call cannot be verified should prompt caution, but the absence of a warning should not be interpreted as proof that the caller is legitimate.

Security experts consistently recommend behavior-based defenses that do not rely solely on technology. If a call claims to be from a bank, a government agency, or a company you do business with, hang up and dial back using a number from an official website or the back of a card, rather than a number provided by the caller. Never share one-time passcodes or account credentials over the phone, even if the caller knows personal details about you. And if something feels rushed or threatening, that pressure is itself a red flag.

Users who suspect they have received a spoofed or fraudulent call should still report it through official channels. In the United States, complaints can be filed with the FTC and with the FCC’s consumer complaints system, which both rely on public reports to identify patterns and prioritize enforcement. Google’s fake call detection may help reduce some types of impersonation, but it is only one layer in a defense strategy that still depends heavily on user skepticism, regulatory oversight, and ongoing enforcement against the organizations that enable large-scale spoofing.

More from Morning Overview

*This article was researched with the help of AI, with human editors creating the final content.