CustomersPricingBlogAbout
Changelog
Log inStart for free
Back to All
Added

Phone call detection

about 16 hours ago by Sebastian Wallin

Castle can now detect when a user is on a phone call during sensitive actions like login or transactions. This helps you catch social engineering attacks, where a scammer calls the victim and walks them through actions while simultaneously taking over their account.

Three new fields are available under the device.call section of the event and API response payload:

"device": {
  "call": {
    "state": "active",
    "type": "cellular",
    "direction": "incoming"
  }
}
  • device.call.state: active, ringing, dialing or on_hold
  • device.call.type (Android): cellular or voip
  • device.call.direction (iOS): incoming or outgoing

All three fields are searchable in Explore and available as policy filter conditions.

New signal: Phone Call Active


A new Phone Call Active signal fires on every event where the user's device has an active phone call. On Android, it only fires for cellular calls (not VoIP), since a VoIP call is more likely someone on a Teams or Zoom call while logging in.

Use this signal in your policies to challenge or deny high-risk actions performed during a phone call, a strong indicator of social engineering.

ℹ️

Phone call detection is available on Android SDK 3.1.3+ and iOS SDK 4.0.0+. Data is collected automatically by the SDKs with no integration changes needed.