To reduce financial scams, Google has started a new program to prevent users from downloading certain apps in Singapore. The company seeks to block downloaded applications that abuse Android permissions to read one-time passwords received through SMS and notifications.
Google said there are four sets of permissions that bad actors leverage to commit financial fraud. According to the company’s survey, most of these applications are downloaded, that is, installed on the device manually, not through the Play Store.
“Scammers frequently abuse these permissions to intercept one-time passwords via SMS or notifications, as well as to spy on screen content. “Based on our analysis of the top rogue malware families that exploit these sensitive runtime permissions, we found that more than 95 percent of installations came from Internet download sources,” the company said in a blog post.
The search giant said that when a user in Singapore attempts to install such an app, Google will automatically block the attempt with a pop-up message that reads: “This app may request access to sensitive data. This can increase the risk of identity theft or financial fraud.”
Google has developed this pilot in collaboration with the Singapore Cyber Security Agency (CSA) as part of its Play Protect program.
Last October, the company announced a real-time scanning protection feature, with the first rollout in India, to prevent users from downloading malicious apps. In November, TechCrunch conducted a test with more than 30 different malicious applications. And although Google’s protection feature blocked most of them, some predatory lending apps were successfully installed.
“With this recent enhancement, we’re adding real-time code-level scanning to Google Play Protect to combat new malicious apps, regardless of whether the app was downloaded from Google Play or elsewhere,” said Google spokesperson Scott Westover. , in an email to TechCrunch at the time. “These capabilities will continue to evolve and improve over time, as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.”
Google has since expanded the real-time scanning feature to new regions, including Thailand, Singapore, and Brazil.
With the latest announcement, Google alerted developers that their apps should not violate mobile unwanted software principles and should follow guidelines.
Fraudulent loan applications have been a problem for Google in geographies such as India and Africa. In India, Google has to face scrutiny as predatory lending apps and their representatives have harassed people for payments, driving some to suicide.
Last year, Google introduced a new policy to prevent lending apps from accessing users’ photos and contact data.