Google will block Android users from installing ‘unsafe’ apps in fraud protection test
Android users in Singapore will not be able to download apps deemed to be unsafe, as Google looks to roll out fraud protection measures in collaboration with the local government.
The move aims to combat a growing scam problem in the country, the first to trial the feature.
Also: Singapore hit by growing cybercrimes, clocks $501M in losses from scams
Available within Google Play Protect, the new security feature will block the installation of side-loaded apps tagged to be potentially risky. Such apps are typically downloaded from online sources such as messaging apps or file managers.
The security measure will protect mobile users against malware-enabled scams, said Google Singapore, which added that it worked with the Cyber Security Agency of Singapore on the development of the feature as part of the government’s anti-scam efforts.
“Cybercriminals often use social engineering tactics to deceive mobile users into disabling security safeguards and ignore proactive warnings for potential malware, scams, and phishing under false pretenses,” Google said. This can result in users downloading side-loaded apps and disclosing confidential personal data or transferring funds to scammers.
Citing a survey it conducted this month, Google said one in two online users in Singapore still fell victim to online scams despite expressing confidence they could spot and avoid fraud.
It noted that Google Play Protect’s real-time scanning identified more than 515,000 potentially risky apps since its launch last October, issuing more than 3.1 million warnings or blocks of such apps.
With the added security feature, Android users in Singapore will be automatically blocked from installing apps from a side-loading source that use sensitive runtime permissions, which Google said often are exploited for financial fraud.
Also: Apple OKs sideloading apps in the EU – with these restrictions
The security feature will inspect the permissions of the app in real-time, looking specifically at four runtime permissions that include reading and receiving SMS messages as well as accessibility service and notification listening service.
Users will be told why they have been blocked from installing the app, according to Google.
“Sensitive permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or from notifications, as well as spy on-screen content,” the tech giant said. Pointing to its analysis of key fraud malware families that exploited such sensitive runtime permissions, Google said more than 95% of installations were from online side-loading sources.
The security feature will be progressively rolled out to Android users in Singapore over the next few weeks.
Also: Newly discovered Android malware has infected thousands of devices
Google’s director of Android security strategy Eugene Liderman said his team will be monitoring the results of the pilot to assess its impact and finetune the security tool if necessary.
Singapore has implemented various anti-scam measures over the past year in a bid to curb growing fraud cases, which saw 103 victims lose more than SG$161,000 ($121,583) in December alone.
The country clocked a 25.2% increase in scams and cybercrimes in 2022, with scams accounting for the bulk. Phishing, e-commerce, and investment scams were among the top five most common tactics used against victims, making up 82.5% of the top 10 types of scams.
As part of the security measures rolled out, banks in Singapore now provide a “kill switch” that enables consumers to suspend their accounts in a suspected breach and SMS messages sent from organizations not registered with the local ID registry are tagged as “Likely-SCAM”.