Google to block sideloading in Singapore in new financial fraud pilot
In a bid to protect Android users from financial scams, Google is launching a pilot program in partnership with the Cyber Security Agency of Singapore (CSA) to prevent users from sideloading certain apps in Singapore.
The enhanced security feature, part of Google Play Protect, will analyse and automatically block the installation of apps that abuse Android permissions from reading one-time passwords received via SMS or notifications.
According to Google, there are four sets of permissions that fraudsters exploit to commit financial fraud. These are: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility.
“These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content,” the company wrote in a blog.
“Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 per cent of installations came from Internet-sideloading sources.”
Related reading: What is App Cloud? How do I delete it?
First of its kind in Singapore
The search giant said that as part of the pilot when a user in Singapore tries to install an app and any of the four permissions are declared, Google will automatically block the installation. This will be followed up with a pop-up message with an explanation that will read: “This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud”.
The enhanced fraud protection has undergone testing by the Singapore government, Google said and will be rolled to Android devices with Google Play services.
The company added that during the pilot, the two parties will monitor the results of the pilot “to assess its impact and make adjustments as needed”.
“We will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources,” Google stated.
“We believe industry collaboration is essential to protect users from mobile security threats and fraud. Piloting these new protections will help us stay ahead of new attacks and evolve our solutions to defeat scammers and their expanding fraud attempts.”
Recommended reading: Forget hacked toothbrushes, worry about the rise in real DDOS attacks
NEXT UP
Professor Mark Miodownik interview: “I think that it is an impressive achievement by humans that we didn’t give up and go, who cares”
We interview Professor Mark Miodownik to talk about his latest book, “It’s a Gas”, and why air is such an underrated resource
Crushing the $318 billion piracy menace: time to act before it’s too late
The digital piracy threat looms large – to combat it, disrupting pirate payment methods and boosting global enforcement is crucial.
A tech-driven approach to smarter business travel
This sponsored article explores how a tech-driven approach is transforming business travel and enriching the overall experience of travelling