Google has announced a new pilot programme aimed at protecting Android users from financial fraud in collaboration with the Cyber Security Agency of Singapore (CSA). The pilot will first be launched in Singapore in the coming weeks.
The pilot programme in Singapore focuses on preventing the installation of apps that request sensitive permissions commonly abused for financial fraud.
By analysing runtime permission requests such as RECEIVE_SMS and READ_SMS, Google Play Protect will automatically block installations from internet-sideloaded sources that pose a risk.
This enhanced fraud protection mechanism has been tested by the Singapore government and is set to roll out to Android devices equipped with Google Play services.
Based on Google’s analysis of major fraud malware families that exploit these sensitive runtime permissions, over 95 percent of installations came from Internet-sideloading sources.
During the upcoming pilot, when a user in Singapore attempts to install an application from an Internet-sideloading source and any of these four permissions are declared, Play Protect will automatically block the installation with an explanation to the user.
Developers are also encouraged to review their apps’ permissions and adhere to best practices to avoid potential blocks by Play Protect.
“The fight against online scams is a dynamic one. As cybercriminals refine their methods, we must collaborate and innovate to stay ahead.
Through such partnerships with technology players like Google, we are constantly improving our anti-scam defenses to protect Singaporeans online and safeguard their digital assets.”
said Chua Kuan Seah, Deputy Chief Executive of CSA.
“Together with CSA, we will be closely monitoring the results of the pilot program to assess its impact and make adjustments as needed.
We will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.”
said Eugene Liderman, Director of Mobile Security Strategy, Google in a blog post.
Android, known for its open ecosystem, offers users the freedom to download apps from various sources. However, this flexibility also opens doors for cybercriminals to exploit vulnerabilities.
Recognising the heightened risks associated with downloading apps from non-official sources, Google had introduced enhanced real-time scanning through Google Play Protect last year October.
This feature actively monitors for malicious apps, leveraging artificial intelligence to detect and block harmful software.
Now deployed on Android devices with Google Play Services in India, Thailand, Singapore and Brazil, this feature has reportedly already made a significant impact on user safety.
The latest data from Google Play Protect has shown its effectiveness, identifying over 515,000 new malicious apps and issuing more than 3.1 million warnings or blocks.
Despite these efforts, financial fraud remains a pressing issue, with consumers worldwide facing losses exceeding US$1 trillion due to advanced scams.
Featured image credit: Edited from Freepik