Authorities in Singapore are directing Apple and Google to stop scammers from spoofing government names on their messaging apps.

The Singapore Police Force, acting under the Online Criminal Harms Act, issued separate Implementation Directives to both companies on 24 November 2025.

Apple must add safeguards to iMessage, while Google must do the same for personal RCS messaging on Google Messages.

The measures, which include blocking or filtering names that mimic “gov.sg” or government agencies and adjusting how unknown sender names appear, must be in place by 30 November 2025.

Government agencies have used the “gov.sg” SMS sender ID since July 2024, supported by the SMS Sender ID Registry.

These safeguards apply only to SMS. Messages on iMessage and Google Messages appear alongside SMS in the same interface, and scammers have exploited the lack of distinction.

The government does not use the “gov.sg” identifier on these apps, but users may still assume such messages are legitimate.

Police have already seen scams involving the impersonation of SSIR registered sender IDs, including more than 120 cases linked to SingPost.

Authorities say this highlights the need to close gaps that allow scammers to imitate trusted senders across different messaging platforms.

Apple and Google have indicated they will comply. Users are advised to keep their apps updated so the new protections take effect.

Under the Online Criminal Harms Act, providers of designated online services can be required to introduce systems or measures to address offences listed in the Act.

Failure to comply without reasonable excuse can result in fines of up to S$1 million, with an additional S$100,000 per day for continuing offences.

Featured image: Edited by Fintech News Singapore, based on images by AnamulHaqueAniks, motionfox, and
dendysign via Freepik