To reduce financial scams, Google has started a new program to prevent users from sideloading certain apps in Singapore. The company is looking to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications.
Key Takeaway
Google has launched a program to block certain sideloaded apps in Singapore to prevent financial fraud, collaborating with the Cyber Security Agency of Singapore and expanding its real-time scanning feature to combat malicious apps.
Google’s Initiative to Prevent Financial Fraud
Google has identified four sets of permissions that bad actors exploit to commit financial fraud. These apps are often sideloaded, meaning they are manually installed onto the device, bypassing the Play Store. The permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content. According to Google’s analysis, over 95% of installations of major fraud malware families that exploit these sensitive runtime permissions came from Internet-sideloading sources.
Collaboration with Cyber Security Agency of Singapore
Google has developed this pilot in collaboration with the Cyber Security Agency of Singapore (CSA) as part of its Play Protect program. When a user in Singapore attempts to install such apps, Google will automatically block the attempt with a message pop-up warning about the potential risks of identity theft or financial fraud.
Expansion of Real-Time Scanning Feature
Last October, Google announced a real-time scanning protection feature in India to stop users from sideloading malicious apps. The company has since expanded this feature to new regions, including Thailand, Singapore, and Brazil. This enhancement adds real-time scanning at the code-level to Google Play Protect to combat novel malicious apps, regardless of whether the app was downloaded from Google Play or elsewhere.
Google’s Efforts to Combat Fraudulent Loan Apps
Fraudulent loan apps have been a concern for Google in various geographies, such as India and Africa. In response, Google introduced a new policy to prevent loan apps from accessing users’ photos and contact details. The company continues to work on evolving and improving its capabilities to address new types of threats facing the Android ecosystem.