Android offers an open ecosystem in which both users and developers can play around with apps, customizations, functionalities, and settings, to name a few. However, that openness also attracts bad actors who use lucrative methods, including defenses against AI detection, to lure innocent users, steal their sensitive data, and scam them of millions without leaving a trace.
Recognizing the extent to which bad actors run financial scams through app installs, Google has commenced a pilot program in Singapore that blocks any app that asks for risky permissions, such as access to read SMS messages.
The Current Ecosystem & Why
Android has the upper hand in flexibility and openness: users can download apps not only from the Play Store but from third-party sources as well. However, downloaded apps may carry excess baggage depending on where they come from.
Google Play Protect scans through 125+ billion apps installed on Android phones to detect malicious activities and behavior and block them before they can hurt users. Play Protect is one of the largest threat detection mechanisms that prevents app developers from pushing malicious scripts, spyware, or other threats with their apps on the Play Store.
This is where these developers turn to third-party marketplaces and app stores to showcase their apps. Android smartphones allow sideloading, and these marketplaces usually steer clear of rigorous testing, so the malicious code reaches users, where it steals their sensitive data, takes over the phone entirely, and siphons funds through hundreds of tactics.
In October last year, Google started real-time scanning of apps downloaded via web browsers or the internet using enhanced Google Play Protect. The feature is now available in India, Brazil, Singapore, and Thailand as a part of Google Play Services which actively scans through sideloaded apps.
The scanning proved instrumental as Google was able to detect 515K new malicious apps and sent out 3.1 million warnings or blocks when users tried to install such malicious apps.
Google launches a pilot app scan to combat financial fraud in Singapore
Coming to the primary aspect of this blog, Google has launched a real-time scanning pilot for Android users in partnership with the Cyber Security Agency of Singapore (CSA). The pilot runs in Singapore and will use various fraud detection and protection mechanisms to pinpoint apps that could infect users’ devices.
The pilot will block apps that are downloaded from the internet and request risky permissions such as “RECEIVE_SMS”, “READ_SMS”, “BIND_NOTIFICATIONS”, and “ACCESSIBILITY”. These are some of the permissions fraudsters may ask for to gain access to OTPs and hide notifications from legit apps, among other things.
The feature will automatically block the installation of apps that ask for these permissions if downloaded from the internet. The users will receive a notification that the app was blocked by Play Protect. They can still download the app from the Play Store or other legit sources.
Note that this pilot is available only in Singapore at the time of writing and will continue for a few weeks. Based on the data obtained and analyzed, the feature will be seen in other parts of the world. Google made it clear that it can run this experimental feature in other countries if they show interest in participating.