The Digital Security Digest, by Freedom of the Press Foundation (FPF), is a weekly newsletter with security tips that keep you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

Android’s Intrusion Logging aims to capture evidence of spyware and forensic tools

Since last June, Google has offered Android users a feature called Advanced Protection, which aims to better defend journalists and others at risk of intrusion. It works by disabling some features known to be used in targeted exploits, as well as enabling some optional security features built into Android.

In partnership with Amnesty International and Reporters Without Borders, Google is now extending Advanced Protection’s capabilities with an additional, opt-in feature called Intrusion Logging. Both targeted spyware and the government forensic tools designed to make copies of smartphone data may leave behind logs showing that devices have been tampered with. Previously, Android would not keep these logs for long, making it difficult for security researchers to conduct a thorough analysis. Likewise, sometimes attackers will cover their tracks by deleting logs.

Intrusion Logging produces a new log intended to document errors and to provide further evidence of tampering, which may be a signal of spyware. These logs are sent to users’ Google accounts, where an attacker will have a tougher time covering their tracks. According to TechCrunch, “The logs are also encrypted so that only the user can access and share the logs with investigators, and Google cannot access them.” Read more.

What you can do

  • As always, update! Google says Intrusion Logging is available on all Pixel devices running Android 16 and up. It will come to more devices running Android 16 soon.
  • Try out Advanced Protection. Whether you are a journalist or someone else at risk, or perhaps just want some peace of mind knowing your device is locked down, try it and see if it works for you. Go here: Settings app > “Security & privacy” > “Advanced Protection”
  • Apple users: Try out Lockdown Mode. This powerful feature is designed to harden your Apple devices by disabling some capabilities of your phone that are known to introduce risk, similar to Android’s Advanced Protection. On your iPhone, go here: Settings app > “Privacy & security” > “Lockdown Mode”

Updates from our team

  • Speaking of which, in our most recent advice column, we talk about the benefits and trade-offs of Lockdown Mode. If you want to learn more about this security trainer’s candid experience using it, check out our post. (Spoiler: There are trade-offs! But on balance, I still recommend it.)
  • Filmmakers: My colleague, Davis Erin Anderson, will be co-facilitating a digital security training at the International Documentary Association in Los Angeles this Friday, May 29, at 9 a.m. PT. Registration for the event has closed, but if you’re around, don’t hesitate to say hi. We might even have Digital Security Digest stickers on hand.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation