![](data:image/svg+xml;charset=utf-8,<svg height="683" width="1024" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Image credits: Kirill Kudryavtsev/AFP/Getty Images
To reduce financial fraud, Google has launched a new program in Singapore that prevents users from sideloading certain apps. The company is trying to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications.
Google said there are four sets of privileges that bad actors can abuse to commit financial fraud. According to the company’s research, most of these apps are sideloaded, meaning they are manually installed on the device rather than through the Play Store.
“These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, or to spy on content on your screen. “Based on our analysis of the leading fraudulent malware families we exploit, we found that over 95% of installations come from Internet sideloading sources,” the company said in a blog post.
The search giant said that if a user in Singapore attempts to install such an app, Google will automatically block the attempt with a message pop-up that reads: “This app may request access to sensitive data. This may increase the risk of identity theft and financial fraud.”
![](data:image/svg+xml;charset=utf-8,<svg height="400" width="188" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Image credits: Google
Google developed this pilot in collaboration with the Cyber Security Authority of Singapore (CSA) as part of the Play Protect program.
In October last year, the company announced the first rollout in India of real-time scanning protection that prevents users from sideloading malicious apps. In November, TechCrunch conducted a test using more than 30 malicious apps. Although Google’s protections blocked most of them, some predatory loan apps were able to successfully install.
“This recent enhancement adds real-time code-level scanning to Google Play Protect to combat new malicious apps, whether they’re downloaded from Google Play or elsewhere.” said Google spokesperson Scott Westover. Please email TechCrunch at that time. “These features will continue to evolve and improve over time as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.”
Since then, Google has expanded its real-time scanning capabilities to new regions such as Thailand, Singapore, and Brazil.
In its latest announcement, Google warned developers that their apps must not violate the Mobile Unwanted Software Principles and should follow guidelines. The company said it is open to expanding the testing program to other countries.
“We are constantly improving our protections to keep Android users around the world safe. We are working with CSA to closely monitor the results of the pilot program, evaluate its impact, and update it as needed. We will continue to make adjustments, and we are open to expanding the pilot to other countries in the future if we see similar interest and user protection needs,” said Eugene Leiderman, director of Android security strategy at Google. he told TechCrunch in a statement.
Fraudulent loan apps are a thorn in Google’s side in regions like India and Africa. Google is under intense scrutiny in India, where predatory loan apps and their representatives harass people with demands for repayments, leading some to commit suicide.
Last year, Google introduced a new policy that prohibits loan apps from accessing users’ photos and contact details.