Google has initiated a program to prevent sideloading of certain apps in Singapore in order to reduce financial scams. The company aims to block apps that exploit Android permissions to access one-time passwords received through SMS and notifications.
Google has identified four sets of permissions being exploited by bad actors to commit financial fraud. These apps are mainly sideloaded, meaning they are manually installed on a device and not obtained through the Play Store.
According to Google, the permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content. Over 95% of such app installations came from Internet-sideloading sources, as revealed by the company’s analysis of major fraud malware families.
When a user in Singapore attempts to install such an app, Google will automatically block the attempt and show a message stating, “This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud.”
Image Credits: Google
Google has developed this pilot in collaboration with the Cyber Security Agency of Singapore (CSA) as part of its Play Protect program.
Last October, Google announced a real-time scanning protection feature to prevent users from sideloading malicious apps, with the first rollout in India. In November, TechCrunch performed a test with over 30 different malicious apps and found that while Google’s protection feature blocked most of them, some predatory loan apps were successfully installed.
Google has expanded the real-time scanning feature to new regions including Thailand, Singapore, and Brazil, in addition to adding scanning at the code-level to Google Play Protect.
In light of these developments, Google has cautioned developers to ensure that their apps adhere to Mobile Unwanted Software principles and follow guidelines.
Fraudulent loan apps have been a concern for Google, particularly in regions such as India and Africa. In India, Google faced scrutiny due to predatory loan apps and their representatives harassing people for repayment, leading to serious consequences.
Last year, Google introduced a new policy to prevent loan apps from accessing users’ photos and contact details.
