To Reduce Financial Scams, Google Launches New Program to Prevent Sideloaded Apps in Singapore
Google has started a new program to prevent users from sideloading certain apps in Singapore, aiming to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications.
Four Sets of Permissions Exploited by Fraudsters
Google said there are four sets of permissions that bad actors exploit to commit financial fraud. According to the company’s survey, most of these apps are sideloaded, which are installed onto the device manually — not through the Play Store.
Abuse of Permissions
“These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content. Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 percent of installations came from Internet-sideloading sources,” the company said in a blog.
Automatic Blocking of Sideloaded Apps
The search giant said when a user in Singapore tries to install any such app, Google will automatically block the attempt with a message pop-up that reads: “This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud.”
Pilot Program in Collaboration with CSA
Google has developed this pilot in collaboration with the Cyber Security Agency of Singapore (CSA) as part of its Play Protect program.
Real-Time Scanning Protection Feature
Last October, the company announced a real-time scanning protection feature — with the first rollout in India — to stop users from sideloading malicious apps. In November, TechCrunch performed a test with over 30 different malicious apps. And while Google’s protection feature blocked most of them, some predatory loan apps were successfully installed.
Evolution of Real-Time Scanning
“With this recent enhancement, we’re adding real-time scanning at the code-level to Google Play Protect to combat novel malicious apps, regardless of if the app was downloaded from Google Play or elsewhere,” said Google spokesperson Scott Westover in an email to TechCrunch at that time. “These capabilities will continue to evolve and improve over time, as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.”
Expansion of Real-Time Scanning Feature
Since then, Google has expanded the real-time scanning feature to new regions, including Thailand, Singapore, and Brazil.
Guidelines for Developers
With the latest announcement, Google alerted developers that their apps should not violate Mobile Unwanted Software principles and should follow guidelines. The company said it is open to expanding the pilot program to other countries.
Conclusion
Google is committed to keeping Android users safe from financial scams and fraudulent activities. The new program in Singapore is a step towards achieving this goal, and the company is open to expanding it to other countries in the future.
FAQs
Q: What is the purpose of Google’s new program in Singapore?
A: The program aims to prevent users from sideloading certain apps that abuse Android permissions to read one-time passwords received through SMS and notifications.
Q: What are the four sets of permissions exploited by fraudsters?
A: The four sets of permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content.
Q: How does Google’s real-time scanning protection feature work?
A: The feature scans apps at the code-level to combat novel malicious apps, regardless of if the app was downloaded from Google Play or elsewhere.
Q: Will Google expand the pilot program to other countries?
A: Yes, the company is open to expanding the pilot program to other countries in the future if it sees similar interest and user protection needs.
