Google announced a new pilot program in Singapore aimed at preventing users from sideloading certain apps that abuse Android app permissions to read one-time passwords or collect sensitive data. .
“This enhanced fraud prevention feature is designed to protect against sensitive and frequently exploited financial fraud when users attempt to install apps from internet sideloading sources (web browsers, messaging apps, or file managers). “It analyzes and automatically blocks app installations that may use runtime permissions,” the company said.
This feature inspects in real-time the permissions declared by third-party apps that attempt to read SMS messages, decrypt or deny notifications from legitimate apps, and gain access to sensitive permissions related to accessibility services. It’s designed to help you find what you want. It is routinely exploited by Android-based malware to extract valuable information.
As part of the test, if a user in Singapore tries to sideload such an app (or APK file), they will be blocked from doing so via Google Play Protect, with a message saying “This app may request access to sensitive data.” A pop-up message will appear saying “There is a problem.” This can increase the risk of identity theft and financial fraud. ”
“These permissions are frequently used by fraudsters to intercept one-time passwords via SMS or notifications, or to spy on on-screen content,” said Eugene Leiderman, director of mobile security strategy at Google. “It will be misused,” he said.
The tech giant said the changes are part of a collaborative effort to combat mobile fraud, and urged app developers to follow best practices and review their apps’ device permissions for violations of the Mobile Unwanted Software Principles. I called on them to do so.
Google launched real-time scans of Google Play Protect at the code level to detect new Android malware in select markets, including India, Thailand, Singapore, and Brazil, with the effort resulting in 515,000 new malicious apps. announced that it was now able to detect and issued even less. There have been over 3.1 million warnings or blocks for these apps.
The development comes as Apple announced significant changes to the European Union’s App Store to comply with the Digital Markets Act (DMA) ahead of the March 6, 2024 deadline. Changes involving notarization of iOS apps are scheduled to take effect in iOS 17.4.
But the iPhone maker has repeatedly stressed that distributing iOS apps from alternative app marketplaces exposes EU users to “increased privacy and security threats” and that it has no intention of bringing them to other regions.
“This includes new channels for malware, scams and scams, illegal and harmful content, and other privacy and security threats,” Apple said. “These changes also impair Apple’s ability to detect, prevent, and address malicious apps on iOS and support users affected by issues with apps downloaded outside of the App Store.”