Any new phone almost certainly comes with a handful of preinstalled apps you'll never use, regardless of which manufacturer you buy from or which operating system you're on. Some devices are more bloated than others: Google Pixels have a relatively "clean" build compared to Samsung phones, for example, and don't typically come with third-party apps and games.

But you may still want to eliminate apps and features that clutter your home screen, take up valuable space, and create a drag on performance, especially if you have alternatives you like more. On Android, that likely means uninstalling what you easily can and disabling everything else.

What you can (and can't) uninstall on Android

Unfortunately, many preinstalled first-party apps can't be easily removed. This varies by manufacturer and device—for example, Pixel users can uninstall Google Play Games and Books but are stuck with Chrome, Drive, Maps, and Calculator. As HowToGeek points out, you can delete other pre-selected Google apps added during initial setup, such as the Pixel Watch app and NotebookLM.

On Samsung Galaxy phones, again, some preinstalled bloatware is locked in, but ZDNET calls out five native apps that most users should delete right away: Global Goals, Samsung Free, Samsung TV Plus, Samsung Shop, and Samsung Kids.

To uninstall an app on your Pixel, go to the Google Play Store and tap the Profile icon. Tap Manage apps & devices > Manage, select the app you want to remove, and tap Uninstall. On Samsung, go to Settings > Apps, tap the app name, and tap Uninstall > OK. You can also touch and hold the app icon on your home screen and tap or drag to uninstall.

If you're absolutely set on removing preinstalled apps that can't be deleted using the above steps, you can use the Android Debug Bridge (ADB), but these methods are more advanced.

How to disable preinstalled apps

Built-in apps that aren't in use can be disabled, which hides the icon from your app drawer. They'll still take up space, but at least they'll be out of sight. Most preinstalled apps can be disabled if you don't need them, with the exception of critical system apps.

On your Pixel, go to Settings > Apps > See all apps to select individual apps, and tap Disable at the top of the screen. You can hide preinstalled Samsung apps from your home screen settings: tap Hide apps and tap the icon of the apps you want to disable, the press Done.

Hackers continue to find ways to sneak malicious extensions into the Chrome web store—this time, the two offenders are impersonating an add-on that allows users to have conversations with ChatGPT and DeepSeek while on other websites and exfiltrating the data to threat actors' servers.

Beware these Chrome extensions

On the surface, the two extensions identified by Ox Security researchers look pretty benign. The first, named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI," has a Featured badge and 2.7K ratings with over 600,000 users. "AI Sidebar with Deepseek, ChatGPT, Claude and more" appears verified and has 2.2K ratings with 300,000 users.

However, these add-ons are actually sending AI chatbot conversations and browsing data directly to threat actors' servers. This means that hackers have access to plenty of sensitive information that users share with ChatGPT and DeepSeek as well as URLs from Chrome tabs, search queries, session tokens, user IDs, and authentication data. Any of this can be used to conduct identity theft, phishing campaigns, and even corporate espionage.

Researchers found that the extensions impersonate legitimate Chrome add-ons developed by AITOPIA that add a sidebar to any website with the ability to chat with popular LLMs. The malicious capabilities stem from a request for consent for “anonymous, non-identifiable analytics data." Threat actors are using Lovable, a web development platform, to host privacy policies and infrastructure, obscuring their processes.

Researchers also found that if you uninstalled one of the extensions, the other would open in a new tab in an attempt to trick users into installing that one instead.

How to avoid malicious browser add-ons

If you've added AI-related extensions to Chrome, go to chrome://extensions/ and look for the malicious impersonators. Hit Remove if you find them. As of this writing, the extensions identified by Ox no longer appear in the Chrome Web Store.

As I've written about before, malicious extensions occasionally evade detection and gain approval from browser libraries by posing as legitimate add-ons, even earning "Featured" and "Verified" tags. Some threat actors playing the long game will convert extensions to malware several years after launch. This means you can't blindly trust ratings and reviews, even if they've been accrued over time.

To minimize risk, you should always vet browser extensions carefully (even those that appear legit) for obvious red flags, like misspellings in the description and a large number of positive reviews accumulated in a short time. Head to Google or Reddit to see if anyone has identified the add-on as malicious or found any issues with the developer or source. Make sure you're downloading the right extension—threat actors often try to confuse users with names that appear similar to popular add-ons.

Finally, you should regularly audit your extensions and remove those that aren't essential. Go to chrome://extensions/ to see everything you have installed.

Google is adding a slate of AI features to Gmail that could save some of the hassle of searching for important information buried in messages and threads. Many users will soon see a more personalized inbox with AI-powered suggestions, summaries, and proofreading support. Plus, some AI functionality that was previously available only to paid subscribers will be rolling out to all Gmail users, including Help Me Write, AI Overviews for threaded emails, and Suggested Replies.

See personalized, AI-powered snapshots

Gmail users will soon have an AI Inbox view with two sections. "Suggested to-dos" will show immediate action items found in your inbox, such as bills to be paid and appointments to be confirmed. The task will be bolded and followed by a summary and a link to the relevant email or thread. Below that, "Topics to catch up on" includes items that are less urgent (but still important), such as order status and event updates.

AI Inbox is an optional toggle in the Gmail side panel. You won't see it immediately, though—the feature is being made available to those in Google's Trusted Tester program before launching for users more broadly "in the coming months."

Get AI Overviews via Gmail search

Google AI Pro and Ultra subscribers will also be able to get AI Overviews from natural language questions typed into the Gmail search bar (just like a Google search). Instead of a running standard keyword search and clicking through multiple message threads, you'll be able to ask things like “Who was the plumber that gave me a quote for the bathroom renovation last year?” and get a detailed summary of information pulled from emails in your inbox. The response will also provide citations to specific threads.

AI will proofread your emails

Finally, Gmail will have a built-in, AI-powered proofreading feature that will check grammar, tone, and style and analyze your emails for clarity and structure. Similar to third-party tools like Grammarly, you'll see one-click suggestions for fixing typos, simplifying sentence structure, selecting improving word choice, and making writing more concise.

Like AI Overviews, Proofread will be limited to paid subscribers. Note that these AI features are optional and can be disabled, and Google says it does not use personal information or content to train its AI models.

There are likely occasions in your day-to-day life in which you allow someone else to use your phone, whether it's letting your kid play a game or sharing content with a friend. You may do this without thinking about the privacy implications and what might happen if another person has access to everything on your device and—accidentally or on purpose—uses it to view your search history, scroll through your photos, or send messages to your contacts.

If you're an Android user, you should enable app pinning to keep others from snooping around your device. This feature keeps the user in the pinned app until you enter your PIN, pattern, or password. (On iOS, you can achieve a similar effect with Guided Access, which also allows you to set time limits and disable the keyboard and touch input.)

Enable app pinning on Android

To pin apps, you'll need to enable the feature in your phone's Settings app. To do so, go to Security or Security & location > Advanced > App pinning and toggle on Use app pinning and Ask for PIN before unpinning.

Before handing your phone over, open to the app screen you want to pin, then swipe up to the middle of the screen and hold to open your Overview. Tap the app's icon, then tap Pin. This will keep the user locked into that app until you unpin (using your PIN, pattern, or password).

Depending on your device navigation settings, there are a few ways to unpin an app:

• Gesture navigation: Swipe up and hold

• 2-button navigation: Touch and hold Back + Home

• 3-button navigation: Touch and hold Back + Overview

Note that pinning won't prevent someone from using the app fully, such as swiping through your photos or typing in the search bar, as Android doesn't have the option to disable touch. Pinned apps can also open other apps. At the very least, though, it keeps someone from having access to anything and everything on your device.

There's very little privacy on the internet: Data brokers collect tons of information about you and your online activity and sell it to anyone interested in marketing to you. California residents have gained more control over their personal data than those in other states since the passage of the California Consumer Privacy Act (CCPA) in 2018, and they now have a one-stop shop for requesting that their information be removed from hundreds of data brokers registered with the state (and any that do so in the future).

California isn't the only state to enact stronger consumer privacy laws in recent years, but its Delete Requests and Opt-Out Platform (DROP) is the first of its kind. The tool is live now, though brokers won't begin processing submissions until August. Here's what to do now if you live in California—and some options for removing your information from data brokers if you don't.

How to sign up for California's data removal platform

To get started with DROP, you'll need to confirm that you are, in fact, a California resident by verifying personal information via California Identity Gateway or signing in with Login.gov credentials. To be eligible, you must either live in California or be domiciled in the state even if you live elsewhere temporarily. (This is based on the location of your primary residence, where you are registered to vote, and which state issued your driver's license.)

You will then be able to create and submit a deletion request. You'll need to provide some personal data, which will be used to match your request with records held by data brokers. Data types include names, date of birth, zip codes, email addresses, phone numbers, Mobile Advertising IDs (MAIDs), and vehicle identification numbers (VINs). You can enter multiples of everything except your date of birth and update your request at a later time—if you get a new car or change your email, for example.

While you can begin submitting requests now, know that data brokers won't actually begin processing them until August 2026 and could take up to 90 days from then to delete your data. If they find a match, they are required to delete all of the information they have about you, though there are some exceptions, such as data available through public records or provided directly to a business.

Once processing begins later this year, you'll be able to track the status of your request on the DROP platform.

Alternatives for deleting your data

If you don't reside in California and qualify for DROP, all is not lost—though you will have to invest a bit more time and/or money to remove your information from data broker sites than simply mass deleting via a single request.

To start opting out of data collection, download Consumer Reports' donation-based Permission Slip app, which tracks where your data can be found and follows up on removal requests. You can try to manually opt out by identifying data brokers and going directly to their sites, but this can be tedious, and there are a handful of other paid services that will do it for you. (None are perfect, nor do they guarantee 100% success.)

We also have a guide to blocking companies from tracking your online activities, which can help mitigate the problem somewhat before it begins.

Your phone is a one-stop shop for a lot of your personal information, from day-to-day activities logged in your calendar and email to financial data accessed via banking apps. If you let someone else use your device—whether you're showing a friend a collection of photos or allowing a stranger to make an emergency call—there's a lot you don't want them to be able to see.

If you're an iPhone user, there are several features you can enable to prevent others from snooping around your device.

Use Guided Access

If you don't want someone using your device to see anything else on it, you can turn on Guided Access, which limits them to a single app (such as Phone or Photos). This essentially locks down your screen and prevents navigation outside of the specific features you make available.

First, go to Settings > Accessibility > Guided Access and toggle the feature on. Tap Passcode Settings to set up a specific passcode or flip the Face ID toggle to use biometrics to end Guided Access sessions.

To start a Guided Access session before handing over your phone, open the app and triple click the side button. You can circle specific areas of the screen you don't want to respond to touch (such as swipes through Photos). Tap Session Settings at the bottom to set a time limit, disable the keyboard, and manage button press options. Then tap Start.

To end a Guided Access session, triple-click the side button and enter your passcode or double-click and authenticate with Face ID.

You can also lock or hide specific apps

Some mobile apps, like financial apps and password managers, already require you to log in or authenticate with your username and password combo or device biometrics every time you open them. You can also lock down other individual apps on iPhone so Face ID, Touch ID, or a passcode is required for access. To lock an app from your home screen, touch and hold the icon until the quick actions menu appears, then tap Require Face ID.

Alternatively, you can hide apps so others cannot see them on your device (let alone open them) unless you authenticate using Face ID, Touch ID or a passcode. To hide an app, tap and hold the icon on the home screen and tap Require Face ID in the quick actions menu. Tap Hide and Require Face ID > Hide App. If you need to open a hidden app, swipe left on your home screen to reach your App Library, locate the Hidden folder at the bottom, and tap and authenticate to unlock the folder followed by the app.

(Note that some native iOS apps, including Calculator, Camera, Clock, Contacts, Find My, Maps, Shortcuts, and Settings, cannot be locked, and system apps that come preinstalled cannot be hidden.)

Some Grubhub users have received a tempting email offer from the food delivery service: Send $1,000 in bitcoin to a specified wallet, and get 10 times that amount back. Unfortunately, this is very much a scam.

As BleepingComputer reports, these promo emails were sent from addresses on b.grubhub.com, a legitimate Grubhub subdomain, so they appear verified in recipients' inboxes. Two examples of senders include merry-christmast@b.grubhub.com and crypto-promotion@b.grubhub.com.

Beyond that, there are some pretty clear red flags. The subject line reads "30 minutes left - We'll 10x your Bitcoin!" to promote a sense of urgency and an offer too good to be true (but also too good to ignore). The body includes the recipient's name and instructions on how to participate in Grubhub's "Holiday Crypto Promotion" with a bitcoin wallet address.

While Grubhub has acknowledged the problem, they haven't released any details as to what facilitated attackers sending emails using a company address. The company did suffer a major security breach earlier this year, resulting in the leak of some user data (including names and email addresses).

There are several varieties of the crypto reward scam

The Grubhub email promotion is a pretty typical example of a cryptocurrency scam. The Federal Trade Commission outlines several variants, including get-rich-quick schemes guaranteeing big returns on your investment and celebrity-promoted "giveaways" that claim to multiply any funds you send.

If you fall for crypto fraud, there's no way to track or get your money back, and even if victims are few and far between, scammers can score big paydays. That's why you should be especially wary of anything and everything requiring a crypto transaction, especially if the offer sounds urgent or provokes a sense of either excitement or fear. And remember that no legitimate organization—government agency, law enforcement official, utility company, or prize promoter—will ever ask for payments in cryptocurrency.

If you received gift cards over the holidays, don't throw them in a drawer and forget about them. While many gift card scams involve thieves demanding payments—for everything from taxes and fines owed to outstanding utility bills—via prepaid cards, there's a less obvious type of fraud known as gift card draining.

How gift card draining scams work

If you forget how much money is on a gift card you received a while ago, you're likely to check the balance online. You'll typically need to enter your card number and PIN or security code, but some websites that claim to provide gift card balances are actually collecting that information to use it later. Always use the official site listed on the back of your card, or better yet, call or visit the retailer directly to confirm the balance.

In another version of this scam, fraudsters have set up sites offering to pay you for gift cards you don't want or won't use. They may claim to purchase your $100 card for $90—which sounds better than no money at all—but are simply out to steal the card information and drain the funds, and you'll never actually see that cash. Sites promoting that type of deal are typically not legitimate.

When you purchase or receive a gift card, keep the receipt, note the starting balance, and register it with the retailer or transfer the funds from the gift card to your existing account if those options are available. If possible, change the PIN, and spend the funds sooner rather than later.

Gift card scams begin in the store

If you're considering buying physical gift cards in the future, be sure to check for signs of a scam. Fraudsters will tamper with cards in stores by adding stickers over the barcode, so when you check out, the funds you pay go to their account rather than the card itself, which means the balance will be zero when the recipient goes to spend it. Scammers can also record the card number and activation PIN or security code, then reseal the packaging and replace the card on the rack—once the card is paid for or activated, they use the information to spend the funds.

Inspect gift cards purchased in-store carefully for added stickers, damage to the packaging, or scratch-off coating that has been removed. You can avoid some risk by purchasing gift cards online directly from the merchant's website (as gift cards sold at steep discounts on social media or deal sites are often scams).

And if you do end up with a scam card, you can file a report with the gift card issuer, though your mileage may vary in terms of recovering funds. The Federal Trade Commission (FTC) has a list of fraud contacts for some of the most popular card retailers, including American Express, Visa, and Amazon.

If you use WhatsApp, you may be targeted by scammers looking to take over your account by pairing their browser to your number. This scheme, dubbed GhostPairing by researchers, uses WhatsApp's device linking process to allow fraudsters to access all of your messages, impersonate you in chats, and perpetuate the scam to your contacts. Here's how threat actors are hijacking WhatsApp accounts—and how to defend yours.

GhostPairing manipulates WhatsApp device linking

WhatsApp allows users to link their desktop or browser to their account without needing to enter login credentials in one of two ways: scanning a QR code and approving the session or confirming a numeric pairing code in the mobile app. While the GhostPairing scam could theoretically manipulate users in either approach, researchers found that the latter is much more common.

The fraud begins with a short message sent from a contact with a link that purportedly goes to a Facebook photo or some type of Facebook content. If you click through, you'll be directed to a spoofed Facebook login page to enter your phone number—a familiar confirmation flow for Meta platforms. The next screen will likely show a numeric code with instructions to enter said code into WhatsApp to confirm the login (again, this may feel like a familiar two-step verification). If you're not paying attention, you may not realize that this didn't do anything on your end but instead registered the attacker's browser as a linked device to your account.

The danger in this scam is that everything will seem normal on your device and in your account, as attackers haven't hijacked your credentials to lock you out. However, they can do anything and everything in WhatsApp that you can, such as reading chats, receiving messages, viewing and downloading media, collecting information from your contacts, and forwarding the same phishing link. As they learn more about you and the people you know, they can potentially use that for ongoing scams.

How to protect your WhatsApp account

As always, be wary of links received via messaging platforms, even if they seem harmless or you think you know and can trust the sender. Threat actors frequently use social media and direct messaging to spread phishing lures. If you do click a link in WhatsApp (or any other communication), read all prompts carefully before providing or verifying any information to identify scams.

To protect your WhatsApp account specifically, you can set up two-step verification, which will also prevent attackers from adding or changing a connected email address. Go to Settings > Account > Two-step verification > Turn on or Set up PIN and add an email address when prompted. You can also check to see if there are any suspicious devices paired with your account under Settings > Linked devices and remove any you don't recognize or regularly use.

Finally, if you have been targeted by this scam, let your WhatsApp contacts know, as threat actors may spread the malicious link by making it look like it came from you.

Another PayPal phishing scam is circulating, this time with email notifications about recurring or automatic payments. The messages originate from a legitimate PayPal address, allowing them to evade some security filters and leave recipients worried that their accounts have been compromised—perhaps just enough to ignore the obvious red flags and call or email scammers back.

I personally have been targeted by this scam with at least five separate emails, though all have gone straight to my spam folder. Here's how scammers are exploiting PayPal settings to land in your inbox.

How the PayPal scam works

If you're targeted by this campaign, you may receive an email with the subject line "Your automatic payment status has changed" or "Recurring Payment Reactivated." The layout imitates a real PayPal notification and includes a message about a high-dollar payment being "successfully processed" along with a customer service email and phone number to contact PayPal support.

The email is full of red flags: It is addressed to a random name (or, in one of the messages I received, "Hello Update Invoice"), has poor spelling and wonky formatting, and simply doesn't make sense. You can easily spot oddities like bold text and Unicode characters, which BleepingComputer notes is a trick used to bypass spam filters and keyword detection.

Credit: Emily Long

Where the trick lies is in the sender field, as the email comes from service[at]paypal[dot]com, a legitimate PayPal address, and paypal.com is in the signed-by field. As Malwarebytes Labs describes, this is likely an abuse of PayPal's subscription billing feature. If a merchant pauses a customer subscription, the user will receive an automatic email from PayPal notifying them that their payment is no longer active. Scammers are likely setting up fake subscriber accounts using Google Workspace mailing lists, so automatic emails being generated are sent to everyone on those lists. If you look at the "To:" field, you'll see that the message isn't actually addressed to your email.

Exploiting these types of loopholes to make phishing emails seem legit is a common tactic, and I've covered several similar PayPal phishing campaigns already this year. According to a statement provided to BleepingComputer, PayPal is working on mitigating this specific flaw.

Ignore PayPal payment notifications

If one of these PayPal messages lands in your inbox, don't engage with it. Scammers frequently use emails, texts, and calls about account security and financial transactions to scare you into action, and the impersonation of trusted institutions is often pretty convincing.

If you are concerned about activity on your PayPal account, go directly to the app or website and log in to view alerts and check transactions. Do not use contact information or click any links in the original notification, as this increases the chances of compromising your information or downloading malware to your device.

You (hopefully) know by now that you can't take everything AI tells you at face value. Large language models (LLMs) sometimes provide incorrect information, and threat actors are now using paid search ads on Google to spread conversations with ChatGPT and Grok that appear to provide tech support instructions but actually direct macOS users to install an infostealing malware on their devices.

The campaign is a variation on the ClickFix attack, which often uses CAPTCHA prompts or fake error messages to trick targets into executing malicious commands. But in this case, the instructions are disguised as helpful troubleshooting guides on legitimate AI platforms.

How attackers are using ChatGPT

Kaspersky details a campaign specific to installing Atlas for macOS. If a user searches "chatgpt atlas" to find a guide, the first sponsored result is a link to chatgpt.com with the page title "ChatGPT™ Atlas for macOS – Download ChatGPT Atlas for Mac." If you click through, you'll land on the official ChatGPT site and find a series of instructions for (supposedly) installing Atlas.

However, the page is a copy of a conversation between an anonymous user and the AI—which can be shared publicly—that is actually a malware installation guide. The chat directs you to copy, paste, and execute a command in your Mac's Terminal and grant all permissions, which hands over access to the AMOS (Atomic macOS Stealer) infostealer.

A further investigation from Huntress showed similarly poisoned results via both ChatGPT and Grok using more general troubleshooting queries like "how to delete system data on Mac" and "clear disk space on macOS."

AMOS targets macOS, gaining root-level privileges and allowing attackers to execute commands, log keystrokes, and deliver additional payloads. BleepingComputer notes that the infostealer also targets cryptocurrency wallets, browser data (including cookies, saved passwords, and autofill data), macOS Keychain data, and files on the filesystem.

Don't trust every command AI generates

If you're troubleshooting a tech issue, carefully vet any instructions you find online. Threat actors often use sponsored search results as well as social media platforms to spread instructions that are actually ClickFix attacks. Never follow any guidance that you don't understand, and know that if it asks you to execute commands on your device using PowerShell or Terminal to "fix" a problem, there's a high likelihood that it's malicious—even if it comes from a search engine or LLM you've used and trusted in the past.

Of course, you can potentially turn the attack around by asking ChatGPT (in a new conversation) if the instructions are safe to follow. According to Kaspersky, the AI will tell you that they aren't.

Between the sheer number and the increasing sophistication of phishing campaigns, seeing should not automatically be believing when browsing online. One particularly sneaky scam is a browser-in-the-browser (BitB) attack, in which threat actors create a fake browser window that looks like a trusted single sign-on (SSO) login page within a real browser session.

Because we use SSO to access many of our online accounts, we may not think twice before entering usernames and passwords on these spoofed pages. Cybercriminals are counting on this to steal user credentials.

How a browser-in-the-browser attack works

Rather than redirecting users to a spoofed website, threat actors running a BitB attack create a fake pop-up within the page you're already on (which may either be set up for the attack or compromised in some way). Using HTML, CSS, and JavaScript, they're able to design a login window that looks exactly like the real one, right down to the lock icon and URL in the pop-up's address bar.

These fake login windows typically appear in a seamless fashion, such as after a click or redirect you're expecting to lead to SSO. Obviously, entering your credentials hands them directly to the attackers, who can either use or sell them.

Fraudulent pop-ups often imitates SSO such as Google, Apple, and Microsoft, though they may exploit any login portal. Earlier this year, researchers at Silent Push identified a BitB phishing campaign targeting Steam users, specifically those playing Counter-Strike 2. Gamers saw a fake browser pop-up window displaying the URL of the real Steam portal, making them more likely to enter their credentials without suspicion. The attackers also featured the likenesses of eSports team NAVI to lend credibility.

Signs of a BitB scam

Because threat actors are able to so closely imitate trusted sign-on pages, including using the real domain in the address bar, a visual inspection may not be enough to catch the fraud. Instead, you need to interact with the window in some way.

In many cases, a genuine SSO pop-up can be dragged around and away from the browser page it appears on top of, so you can first try to move it elsewhere on your screen. However, some SSO dialogs are static, so if you can't drag it, try to highlight the URL or click the padlock icon to show certificate details. If these elements are fake, you won't be able to interact with them at all because the window itself is just an image.

This is also an excellent reason to use a secure password manager to fill your credentials instead of entering them manually. A password manager will work only on the legitimate domain. If it doesn't autofill, don't automatically override it—check to ensure the pop-up is real.

You should also have a strong form of multi-factor authentication (MFA) enabled wherever possible, so even if your username and password are somehow compromised, attackers won't have the additional factor needed to actually access your account. Note that hackers can still phish some forms of authentication—physical keys along with biometrics and passkeys are the most secure options.

Android users are getting more tools to combat the seemingly endless stream of scam texts from bad actors looking to steal your data and your money. Circle to Search and Google Lens can now assess messages for scam red flags, and if possible fraud is detected, you'll get recommendations for what to do (or not do) next. Even if you think you know the telltale signs of a scam—a sense of urgency, a demand for money or personal information, a link to log in or pay—using these tools can confirm your suspicions, especially when you feel pressured to act.

Use Circle to Search to identify scams

To activate Circle to Search, long press the home button or navigation bar on your device and circle the text you want to scan. Alternatively, you can take a screenshot, open Lens in the Google app (also available on iOS), and tap the screenshot. The feature works for text messages as well as communication on messaging apps and social media sites. Google says the capability is available "when our systems have high confidence in the quality of the response."

This is just the latest in the Google's suite of security features meant to protect against fraud. Pixel users have real-time, AI-powered scam detection, which identifies and alerts you to suspicious conversational patterns in Google Messages and Phone by Google. In-call protections for Android prevent you from taking certain actions, such as sideloading new apps and changing accessibility permission, on your device while on the phone with anyone not saved in your contacts.

Earlier this month, Google also expanded its in-call scam detection feature, meant to combat bank impersonation schemes, to U.S. users. If you are on a call with a number that's not in your contacts and try to open a participating financial app, you'll get a notification reminding you not to share information and a one-click option to stop screen-sharing and end the call.

If you find yourself in an emergency or crisis situation, the more information you can give first responders, the better. Android users can now share a live stream of their surroundings with 911, allowing emergency services to assess and provide guidance in real time while you wait for help to arrive onsite.

Emergency services on Android

Your Android already shares some information with first responders via Emergency Location Services (unless you disable this feature). This built-in tool sends an accurate location as well as contextual information, such as language settings, when you call or text an emergency number. Now, that includes live video from your device's camera.

You don't need to do anything to set up Emergency Live Video. Once available in your area, responders can send a request during an emergency call or text to securely share your camera's live video. You'll see a prompt on your screen to start sharing with one tap.

According to Google, Emergency Live Video is encrypted by default. Users can choose whether to share their video from the prompt as well as stop the share at any time by clicking the onscreen Stop sharing button.

Live video sharing is rolling out now to U.S. users, as well as those in parts of Germany and Mexico, on Android phones running Android 8 and up. Google says they are partnering with public safety organizations to expand the feature to more users.

Other Android safety features

Emergency Live Video is the latest in Google's suite of safety features designed to make help more accessible—more quickly—in an emergency. Pixel users in Australia, North America, and several dozen countries across Europe now have access to Satellite SOS, which allows you to call emergency services even without a cellular or wifi connection. Car Crash Detection contacts emergency services and shares your location in the event of severe crash, while Fall Detection and Loss of Pulse Detection will call for help based on Pixel Watch sensor data.

Netflix's January lineup is on the lighter side, but includes the return of period romance series Bridgerton (Jan. 29). Season four centers on Benedict, the second-eldest sibling, and Sophie, who he meets at Lady Bridgerton’s masquerade ball. The first four episodes drop in January, with the remaining four coming at the end of February.

Another original series worth watching is Agatha Christie's Seven Dials (Jan. 15), an adaptation of crime author's novel The Seven Dials Mystery. Mia McKenna-Bruce plays sleuth Lady Eileen “Bundle” Brent, who is attempting to solve a murder mystery at a country house party in 1920s England. Martin Freeman and Helena Bonham Carter also star.

On the film side, rom-com People We Meet on Vacation (Jan. 9) is an adaptation of Emily Henry's novel of the same name and stars Tom Blyth and Emily Bader. The Rip (Jan. 16) is an action thriller starring Ben Affleck and Matt Damon as Miami cops who discover millions of dollars in cash at a stash house.

Netflix is also releasing true crime documentary Kidnapped: Elizabeth Smart (Jan. 21) about the 2002 abduction of the 14-year-old from her home in Salt Lake City, and her return several years later.

In addition to hosting WWE's Monday Night Raw every week, Netflix is also streaming Skyscraper Live (Jan. 23), in which free solo climber Alex Honnold will attempt one of the world's tallest skyscrapers in Taipei, Taiwan.

Here's everything else coming to Netflix in January, and everything that's leaving.

What's coming to Netflix in January 2026

Coming soon

• Free Bert—Netflix Series

• Take That—Netflix Documentary

• Undercover Miss Hong—Netflix Series

Available January 1

• Dr. Seuss’s Red Fish, Blue Fish: Season 2—Netflix Family

• Love from 9 to 5—Netflix Series

• My Korean Boyfriend—Netflix Series

• Run Away—Netflix Series

• Time Flies—Netflix Series

• 12 Years a Slave

• 30 Minutes or Less

• Becky

• Brüno

• Colombiana

• Conan the Destroyer

• Dawn of the Dead

• Despicable Me

• Despicable Me 2

• District 9

• Dune

• Erin Brockovich

• Falling Skies: Seasons 1-5

• Forever My Girl

• Free Solo

• Ghostbusters: Answer the Call

• Green Room

• Harry and the Hendersons

• Hellboy

• Johnny Mnemonic

• Just Go With It

• Lone Survivor

• Man on Fire

• Monty Python's The Meaning of Life

• My Girl

• Only the Brave

• Pitch Perfect

• Priscilla

• Twins

• Wild Things

Available January 2

• Found: Seasons 1-2

• Land of Sin—Netflix Series

Available January 3

• The Following: Seasons 1-3

Available January 5

• Monday Night Raw: 2026—Netflix Live Event

Available January 6

• Pokémon Horizons: Season 3 - Rising Hope Part 1—Netflix Family

Available January 7

• 11.22.63: Season 1

• Marcello Hernández: American Boy—Netflix Comedy Special

• Unlocked: A Jail Experiment: Season 2—Netflix Series

Available January 8

• HIS & HERS—Netflix Series

• Love Is Blind: Germany: Season 2—Netflix Series

Available January 9

• Alpha Males: Season 4—Netflix Series

• People We Meet on Vacation—Netflix Film

• Prodigal Son: Seasons 1-2

• Stone Cold Fox

• The Threesome

Available January 12

• Monday Night Raw: 2026—Netflix Live Event

Available January 13

• The Boyfriend: Season 2—Netflix Series

Available January 14

• The Queen of Flow: Season 3

• Veronica Mars: Seasons 1-3

Available January 15

• Agatha Christie's Seven Dials—Netflix Series

• Bone Lake

• Love Through a Prism—Netflix Series

• The Upshaws: Part 7—Netflix Series

• To Love, To Lose—Netflix Series

Available January 16

• Can This Love Be Translated?—Netflix Series

• No Tail to Tell—Netflix Series

• Southland: Seasons 1-5

• The Rip—Netflix Film

Available January 19

• Monday Night Raw: 2026—Netflix Live Event

• Sandokan: Season 1

Available January 20

• Just a Dash: Seasons 1-3

• Rizzoli & Isles: Seasons 1-7

• Star Search—Netflix Live Event

• WWE: Unreal: Season 2—Netflix Sports Series

Available January 21

• Kidnapped: Elizabeth Smart—Netflix Documentary

Available January 22

• Cosmic Princess Kaguya!—Netflix Film

• Finding Her Edge—Netflix Series

Available January 23

• Skyscraper Live—Netflix Live Event

• The Big Fake—Netflix Film

Available January 26

• Monday Night Raw: 2026—Netflix Live Event

• My Sesame Street Friends: My Sesame Music

Available January 27

• Mike Epps: Delusional—Netflix Comedy Special

Available January 29

• Bridgerton: Season 4 Part 1—Netflix Series

What's leaving Netflix in January 2026

Leaving January 1

• Agatha Christie's Crooked House

• Aquaman and the Lost Kingdom

• Baby Driver

• Blue Beetle

• Blue Crush

• Blue Streak

• Captain Phillips

• Clear and Present Danger

• Coach Carter

• Crazy Rich Asians

• Death Becomes Her

• Dirty Dancing

• Doctor Sleep

• Don't Worry Darling

• Dreamgirls

• Fifty Shades Darker

• Fifty Shades Freed

• Fifty Shades of Grey

• G.I. Joe: Retaliation

• G.I. Joe: The Rise of Cobra

• Ghost

• The Goonies

• The Hangover

• The Hangover: Part II

• The Hangover: Part III

• How to Be Single

• I Love You, Man

• Isn't It Romantic

• Kung Fu Panda

• Kung Fu Panda 2

• Kung Fu Panda 3

• Lara Croft Tomb Raider: The Cradle of Life

• Lara Croft: Tomb Raider

• Life of the Party

• Lost: Seasons 1-6

• Mad Max: Fury Road

• The Martian

• The Mask

• Meet Joe Black

• Ocean's 8

• Runaway Bride

• Scarface

• Star Trek

• Star Trek Beyond

• Star Trek Into Darkness

• The Sweetest Thing

• Taxi Driver

• Training Day

• Zero Dark Thirty

Leaving January 2

• Dodgeball: A True Underdog Story

Leaving January 3

• Mr. Robot: Seasons 1-4

Leaving January 9

• Maze Runner: Death Cure

• Maze Runner: The Scorch Trials

• The Maze Runner

Leaving January 16

• Confessions of a Shopaholic

Leaving January 18

• Donnie Darko

Leaving January 23

• House of Lies: Seasons 1-5

Leaving January 29

• Prison Break: Seasons 1-5

If you've spent years curating playlists in Apple Music or another streaming service, you can now easily transfer your playlist to your Spotify library without needing to start from scratch or pay for a third-party service. Playlist transfers are now built into Spotify thanks to a new integration with TuneMyMusic, which facilitates music syncing, sharing, transfers, and backups across platforms.

To initiate a playlist transfer from Apple Music or another streaming service (YouTube Music, Amazon Music, SoundCloud, etc.), open the Spotify mobile app and tap Your Library. Scroll to the bottom of the page, tap Import your music > Get Started, and follow the on-screen prompts to connect with TuneMyMusic. You can choose which platform to transfer music from, and your playlists will populate in Spotify. Your playlists will remain on the original platform, as they are simply being copied into Spotify. (This feature is currently rolling out to users, so you may need to update your Spotify app.)

Data portability across music streamers has been very limited, but it's getting better: TuneMyMusic was already compatible with Spotify, but users had to sign up for a free trial with the service and were capped at just 500 songs before needing to upgrade to a paid plan. (Other third-party playlist transfer tools include FreeYourMusic and Soundiiz.)

Apple Music has a music transfer feature built into its iOS and iPadOS (under Settings > Apps > Music) as well as the Apple Music app for Android and via the web. YouTube Music supports playlist imports and exports but requires a third-party service for platforms that don't permit direct transfers.

Whether you actually go back and look at photos, watch videos, or review files from years past, you may someday be disappointed if those memories disappear forever, either because you didn't back them up or your one backup was destroyed along the way.

I know I have done a poor job of keeping track of media as I have upgraded computers and phones over the years, and I've lost my fair share of photos, videos, and documents along the way, whether on misplaced or damaged external drives or from simply forgetting to back up at all.

Here's how to ensure your data is available for years to come.

You need multiple backups of your data

One approach to backing up your data is the 3-2-1 strategy, which says you should keep three copies of your data across two different forms of storage, one of which should be offsite (in case a disaster strikes your home).

A simple example: You have your photos and files on your computer, which is backed up regularly to both an external hard drive and a cloud service. That's three copies of your data on two storage types—an onsite physical device and remote cloud storage—the latter of which satisfies the "offsite" requirement because it is geographically separate from your other two copies.

This approach protects against a single point of failure, such as a primary device dying, losing an external hard drive, or getting locked out of a cloud account. When it comes to backing up your data, redundancy matters.

As Reddit users note, there are different interpretations of how to apply the 3-2-1 rule, such as whether your working copy on your primary device counts as one of three and whether the one offsite copy is included in the two forms of storage. And while a strict 3-2-1 strategy, or variations of it, may be more commonly employed at the enterprise level rather than by the average consumer, you could think about it as a general guideline for improving your backup system, especially if you don't have one at all.

How to set up backups

You never know when a device might fail, so it's a good idea to plan frequent backups, whether your data is syncing regularly to the cloud or you set reminders to manually push updates to your external hard drive.

Many users sync their devices automatically to a service like iCloud or Google Drive, but relying on this as your sole backup doesn't guarantee that you'll be able to access all of your files in the future.

As HowtoGeek points out, these backups are typically mirroring what's currently on your device rather than historical versions—so once you delete a photo, file, or folder from your computer or phone, it's also deleted from the cloud backup. This is useful for quick access as well as restoring to a new or factory-reset device, but it doesn't do much for the scores of media collected over the years that you don't use daily.

You could use a dedicated cloud backup service like IDrive or Backblaze, which come with a lot of storage space for automatic, full device backups. This may be best for users who have large files or a lot of media that is essential to their jobs as well as those who prioritize data privacy. (However, Wirecutter notes that most online backup services leave a lot to be desired.) Others may be fine to manually move files and media to free or low-cost cloud storage, including iCloud, OneDrive, and Google.

At a minimum, another backup should live on an external hard drive—and if you're not going to do cloud backups, consider two external drives stored in separate locations. Hardware can obviously be lost, stolen, damaged, or simply degraded over time, so again, you shouldn't rely on a single drive for all of your storage. Apple's Time Machine and Windows File History make it easy to save backups to an external drive.

Netflix's December lineup has a little something for everyone, from familiar original series to live sports. Emily in Paris returns for a fifth season (Dec. 18), this time set in Rome. The final installment of Stranger Things is coming at the end of the month—the first half of season five premiered in November—with volume two releasing at 5 p.m. PT on Christmas Day and the finale at 5 p.m. PT on New Year's Eve.

There's also Love Is Blind: Italy (Dec. 1) and My Next Guest with David Letterman and Adam Sandler (Dec. 1), in which Letterman joins Adam Sandler backstage on his comedy tour, and What's In The Box? (Dec. 17), a new game show hosted by Neil Patrick Harris.

On the film side, Daniel Craig returns as Detective Benoit Blanc in a new Knives Out mystery called Wake Up, Dead Man (Dec. 12). The standalone sequel to Glass Onion also stars Josh O'Connor, Glenn Close, Josh Brolin, Jeremy Renner, Mila Kunis, Kerry Washington, and Andrew Scott.

Goodbye June (Dec. 24) also has a stacked cast, including Helen Mirren, Toni Collette, Andrea Riseborough, Johnny Flynn, and Kate Winslet—the film is her directorial debut. Four siblings are dealing with their mother's nearing death over the holiday season.

Finally, the live events lineup in December includes Jake vs. Joshua: Judgment Day (Dec. 19) and two Christmas Day NFL match-ups: Cowboys vs. Commanders and Lions vs. Vikings.

Here's everything else coming to Netflix in December, and everything that's leaving.

What's coming to Netflix in December 2025

Coming soon

• Cashero—Netflix Series

• Pro Bono—Netflix Series

• Robby Hoffman: Wake U—Netflix Comedy Special

Available December 1

• All The Empty Rooms—Netflix Documentary

• CoComelon Lane: Season 6—Netflix Family

• Love is Blind: Italy—Netflix Series

• My Next Guest with David Letterman and Adam Sandler—Netflix Series

• Playing Gracie Darling—Netflix Series

• Troll 2—Netflix Film

• A League of Their Own

• As Good as It Gets

• Bad Teacher

• Big Momma's House

• Big Momma's House 2

• Brightburn

• Burlesque

• Cheaper by the Dozen

• Cheaper by the Dozen 2

• Christmas Break-In

• Downton Abbey

• Godzilla

• Hollow Man

• Joy for Christmas

• Kung Fu Panda

• Kung Fu Panda 2

• Kung Fu Panda 3

• Little Women

• Pulp Fiction

• Stripes

• The Ugly Truth

• Victoria: Seasons 1-3

• What Lies Beneath

• The Wolf of Wall Street

• Zero Dark Thirty

Available December 2

• Anne Rice's Mayfair Witches: Season 2

• Matt Rife: Unwrapped - A Christmas Crowd Work Special—Netflix Comedy Special

Available December 3

• My Secret Santa—Netflix Film

• The Northman

• Stranded with my Mother-in-Law: Season 3—Netflix Series

• With Love, Meghan: Holiday Celebration—Netflix Series

Available December 4

• A Lot Like Christmas

• The Abandons—Netflix Series

• The Believers: Season 2—Netflix Series

• Forrest Gump

• Fugue State 1986—Netflix Series

• I Wish You Had Told Me—Netflix Film

• Lali: Time to Step Up—Netflix Documentary

• Mean Girls (2004)

Available December 5

• Jay Kelly—Netflix Film

• Love and Wine—Netflix Film

• The Making of Jay Kelly—Netflix Documentary

• The New Yorker at 100—Netflix Documentary

• The Night My Dad Saved Christmas 2—Netflix Film

• The Price of Confession—Netflix Series

• Owning Manhattan: Season 2—Netflix Series

Available December 7

• Babylon

• Cast Away

Available December 8

• Elmo and Mark Rober's Merry Giftmas—Netflix Family

Available December 9

• Badly in Love—Netflix Series

• Blood Coast: Season 2—Netflix Series

• Masaka Kids, A Rhythm Within—Netflix Documentary

• The West Wing: Seasons 1-7

Available December 10

• The Accident: Season 2—Netflix Series

• Record of Ragnarok: Season 3—Netflix Series

• Simon Cowell: The Next Act—Netflix Documentary

Available December 11

• The Fakenapping—Netflix Film

• Had I Not Seen the Sun: Part 2—Netflix Series

• Lost in the Spotlight—Netflix Film

• Man Vs Baby—Netflix Series

• Tomb Raider: The Legend of Lara Croft: Season 2—Netflix Series

• The Town—Netflix Series

Available December 12

• The Amazing Digital Circus: Season 1: episodes 5-7

• City of Shadows—Netflix Series

• Home for Christmas: Season 3—Netflix Series

• Wake Up Dead Man: A Knives Out Mystery—Netflix Film

Available December 13

• The Talented Mr. Ripley

Available December 14

• PAW Patrol: The Mighty Movie

Available December 15

• A Cowboy Christmas Romance

• Christmas at the Chalet

• The Christmas Classic

• Christmas on the Alpaca Farm

• The Creature Cases: Chapter 6—Netflix Family

Available December 16

• Castle Rock: Seasons 1-2

• Culinary Class Wars: Season 2—Netflix Series

Available December 17

• The Manny: Season 3—Netflix Series

• Murder in Monaco—Netflix Documentary

• What's In The Box?—Netflix Series

Available December 18

• 10DANCE—Netflix Film

• Emily in Paris: Season 5—Netflix Series

Available December 19

• A Time For Bravery—Netflix Film

• Breakdown: 1975—Netflix Documentary

• The Great Flood—Netflix Film

• Jake vs. Joshua: Judgment Day—Netflix Live Event

Available December 22

• The Closer: Seasons 1-7

• Elway—Netflix Documentary

• Sicily Express—Netflix Series

Available December 23

• Eden

• King of Collectibles: The Goldin Touch: Season 3—Netflix Series

Available December 24

• Downton Abbey: A New Era

• Goodbye June—Netflix Film

• Tom Segura: Teacher—Netflix Comedy Special

Available December 25

• Christmas Gameday: Cowboys vs. Commanders—Netflix Live Event

• Christmas Gameday: Lions vs. Vikings—Netflix Live Event

• Stranger Things 5: Volume 2—Netflix Series

Available December 26

• Cover-Up—Netflix Documentary

Available December 29

• Members Only: Palm Beach—Netflix Series

Available December 30

• Evil Influencer: The Jodi Hildebrandt Story—Netflix Documentary

• Ricky Gervais: Mortality—Netflix Comedy Special

Available December 31

• Sleeping with Other People

• Stranger Things 5: The Finale—Netflix Series

What's leaving Netflix in December 2025

Leaving December 1

• Austin Powers in Goldmember

• Austin Powers: International Man of Mystery

• Austin Powers: The Spy Who Shagged Me

• Back to the Future

• Back to the Future Part II

• Back to the Future Part III

• Beverly Hills Cop

• Beverly Hills Cop II

• Beverly Hills Cop III

• Billy Madison

• Clueless

• Cold Pursuit

• The Dark Tower

• Downton Abbey

• E.T. the Extra-Terrestrial

• Edge of Tomorrow

• Escape Room

• Game Night

• The Goonies

• The Happytime Murders

• Inglourious Basterds

• Kicking and Screaming

• The Nutty Professor

• The Nutty Professor II: The Klumps

• Paddington

• Wonka

Leaving December 3

• How I Met Your Mother: Seasons 1-9

Leaving December 5

• Compliance

Leaving December 7

• Gods of Egypt

Leaving December 9

• Daddy's Home

• Daddy's Home 2

Leaving December 17

• Teenage Mutant Ninja Turtles

• Teenage Mutant Ninja Turtles 2

Leaving December 18

• The 100: Seasons 1-7

• Arrow: Seasons 1-8

• Supernatural: Seasons 1-15

Leaving December 25

• Transformers

• Transformers: Age of Extinction

• Transformers: Dark of the Moon

• Transformers: Revenge of the Fallen

Leaving December 29

• 10 Things I Hate About You

• Idiocracy

• Sweet Home Alabama

Leaving December 30

• Ready Player One

Leaving December 31

• Evil: Seasons 1-3

Many Americans are in the middle of making hard decisions about their health insurance, in part because open enrollment, the period in which consumers can change their plan, is happening now. That means scammers are also busy contacting people, impersonating insurance providers in an effort to collect personal, financial, and medical information.

Common health insurance scams

Fraudsters especially love to impersonate representatives from Medicare, targeting older adults and others who qualify for the federal program with unexpected calls. As the Federal Trade Commission warns, scammers may have some of your personal information already and will ask you to confirm your Medicare, bank account, and/or credit card number under the guise of sending you a new Medicare card. In reality, Medicare cards are free and sent automatically, so you should never need to provide payment.

Scammers may also target consumers on Marketplace, Medicaid, and Children's Health Insurance Program (CHIP) plans with a similar tactic, claiming that you may lose or be disqualified from health coverage unless you make a payment.

In addition to impersonating government officials, bad actors will pretend to represent a legitimate insurer, promising discounted plans (that are available only for a limited time) or enrollment assistance (for a fee). Plans that seem too good to be true probably aren't health insurance at all and may not provide the coverage promised. And you shouldn't have to pay anyone to sign up for a plan.

Note that while scammers may ramp up efforts during open enrollment, health insurance scams can happen year-round. A Federal Communications Commission (FCC) advisory warns consumers about common tactics like calls and texts in which scammers—impersonating government agencies or insurance companies—offer health screening, free gifts, or other promotional benefits in exchange for your personal information.

Bad actors can pretty easily spoof phone numbers (so it looks like you're getting a call from a reputable insurance provider like Medicare or Blue Cross Blue Shield) as well as set up phishing websites designed to steal your credentials and financial information.

Insurance scam red flags

As always, unsolicited communication that pressures you to take action is almost always a scam. Medicare representatives will never call, email, or text you to verify information or demand payment, nor will legitimate government officials try to sell you anything or threaten you unless you pay up. If someone claims they represent an insurer and asks for money or sensitive personal information, or if they threaten you with legal action, hang up.

Don't share any data, including your social security number, bank account number, or medical history with anyone—that is, unless you have contacted the Medicare office or other legitimate agency directly and first and need to verify your identity. (The number for Medicare is 1-800-MEDICARE, and you can reach a Marketplace representative through HealthCare.gov).

Always verify a representative's identity using official contact information found on a .gov website, legitimate company page, or an account statement, and never send money via gift card, prepaid debit, or crytocurrency in exchange for anything. You should also ensure your credentials for your insurance accounts (like HealthCare.gov and Medicare.gov) are strong and secure, and enable multi-factor authentication wherever possible.