Highlights
- Modern smartphones do more than just run apps and shoot photos now; they are first-line defenders against a flood of scams.
- Google’s security blog and the reported Leviathan evaluation together indicate that Android’s protection ranks ahead of Apple’s in particular tests.
- Large-scale telemetry figures and lab assessments support these claims, but they come with some predictable caveats.
Late October 2025 brought with it a clear shift in the smartphone conversation. It was no longer only about cameras, battery life, and raw power. The debate turned squarely to safety – specifically, how well modern phones prevent scams and fraud before they reach the people who rely on them.
Google published a security blog post explaining platform-level protections and highlighted a commissioned lab report comparing several flagship devices. Together, those pieces argue that, in the configuration and tests used, Android handsets such as the Pixel 10 Pro and Samsung’s Galaxy Z Fold 7 provide stronger default protections against incoming scam calls and messages than Apple’s iPhone 17 Pro.
Why these assessments matter
It is a multidimensional picture that Google and media write-ups paint, combining platform telemetry, survey data, and device-level lab assessments. While the Google Security Blog describes large-scale protections across Android and its applications, media coverage has summarized the Leviathan Security Group evaluation, commissioned by Google, which scored specific devices against dozens of criteria related to scams and fraud.
Those combined signals are intended to show not only that Android has many defense layers in place but also that those layers are effective in the field and in lab conditions.
Beyond the qualitative claims, the numbers Google shares are striking. The company reports that Android’s protections intervene at scale, blocking or flagging many malicious calls and messages every month. They also mentioned that backend checks recently stopped a large quantity of suspicious numbers from leveraging the carrier-driven RCS messaging system over a single month. Those figures are meant to communicate both the breadth of the threat and the scale at which platform defenses operate.
The device lab work that received the most excellent attention tested 33 security features and behaviors across four phones, including Google’s Pixel 10 Pro. Samsung’s Galaxy Z Fold 7, Motorola’s Razr+ (2025), and Apple’s 17 Pro.
In the evaluation, the Pixel 10 Pro scored the highest, followed by the Galaxy Z Fold 7 and Razr+, while the iPhone 17 Pro finished behind those Android devices on the specific metrics used in the test. The lab report emphasized call screening, scam detection, and real-time scam warnings as differentiators in the scoring.
How Android’s layered protections work in practice
Android’s approach, as Google describes it, is a deliberate layering of AI-assisted on-device models, app-level filters, and backend checks to intercept suspicious content at multiple stages.
1. Messages
With incoming text messages, for instance, Google Messenger uses sender reputation signals and content analysis to separate likely spam into a different folder and gives contextual warnings when conversational patterns resemble social-engineering scams. Those message checks are often designed to run on the device itself, so sensitive content does not leave the handset but still enables quick detection.
2. Calls
Phone calls are treated similarly. The Google Phone app can automatically block numbers that match known spam profiles. It also offers call screening that answers unknown calls and evaluates the interaction using ephemeral, on-device processing. If a call contains conversational cues that sound like a potential scam, the app can issue a real-time warning before the recipient has to decide how to respond. Google emphasizes that these processes are aimed at protection rather than logging users’ conversations.
3. Platform-Level Protections
Beyond messages and calls, Android’s defenses include platform-level features such as Play Protect for app scanning and Safe Browsing for URL filtering, as well as backend safeguards that detect abusive patterns across services like RCS.
4. Account Security
Supporting capabilities, such as passkey support, password managers that detect phishing login pages, and account-change safeguards, were also considered in the Leviathan evaluation because those measures reduce the chance that successful scams result in account takeovers or long-term damage.
Taken together, these layers aim to catch scams before they deliver, warn users during interactions, and limit the worst outcomes afterward.
Some caveats to keep in mind
The headline comparisons are helpful, but they require context.
Funding Source:
Most importantly, the Leviathan study, which produced device-level scores, was funded by Google. That funding does not automatically invalidate the results, but it does raise standard questions about methodology, selection of test cases, and which defaults were enabled on each device. Independent replication by neutral labs would strengthen confidence in the rankings.
Regional Availability
Feature availability and behavior also vary by geography and carrier. Many of the protections described, especially those that rely on RCS or certain AI features, roll out regionally and often require carriers to enable specific capabilities.
Default Settings
Performance for a given device in the US, for example, as reflected in the metrics cited, may not equate to that in other markets where those services function differently or are unavailable.
Should device owners pick Android?
For those prioritizing out-of-the-box defense against spam calls and deceptive messages, the evidence Google highlights suggests that modern Android devices running the company’s latest protective services can reduce exposure without heavy configuration.
The Android devices tested did well in the specific tests reported and benefited from call screening and message analysis features that were weighted in the evaluation. That makes them attractive choices for people who want automated, layered protection that intervenes early.
However, device choice should also weigh overall ecosystem “fit,” privacy priorities, and regional feature availability. Some people will prefer Apple’s integration, app ecosystem, or privacy model despite the lab result described; others may place more emphasis on features such as tighter local-storage privacy or availability of particular carrier services.
The lab scores are one input in a broader selection decision. Users should balance the reported security benefits against practical needs.
For those seeking actionable next steps, device owners should enable the built-in spam and screening features on their handsets if available, keep operating systems and applications patched, adopt stronger authentication, such as passkeys, and remain skeptical of unsolicited requests. These habits, in combination with the platform defenses described, narrow the window of opportunity for most scams and make successful fraud much harder to achieve.