Google is rolling out new security protections for Android devices aimed at combating mobile financial fraud, according to an announcement from the tech giant yesterday. In a strategic partnership with Singapore's Cyber Security Agency (CSA), Google will launch a pilot program in the coming weeks that automatically blocks the installation of apps exhibiting high-risk behaviors commonly used in financial scams.
The pilot introduces enhanced fraud detection capabilities within Google Play Protect, Android's built-in malware protection system.
When a user attempts to install an app from outside of the Google Play store, Play Protect will analyze the permissions requested by the app in real time. If the app requests access to sensitive features frequently misused by scammers - such as reading SMS messages, accessing notifications, or using accessibility services - Play Protect will block installation and warn the user of potential fraud risks.
"The fight against online scams is a dynamic one. As cybercriminals refine their methods, we must collaborate and innovate to stay ahead," said Chua Kuan Seah, Deputy Chief Executive of CSA. "Through such partnerships with technology players like Google, we are constantly improving our anti-scam defenses to protect Singaporeans online and safeguard their digital assets."
Mobile Fraud a Growing Global Problem
The move comes as financial fraud, particularly on mobile devices, is skyrocketing worldwide. According to a recent report by the Global Anti-Scam Alliance, 78% of mobile users surveyed experienced at least one scam attempt in the past year, with 45% saying they faced more scams over the previous 12 months
Scammers frequently employ social engineering tactics to trick users into disabling security features and ignoring warnings about potential malware, scams and phishing attempts. By using urgent pretenses involving risks to finances or quick money opportunities, cybercriminals convince victims to disclose passwords, security codes, and financial data or unknowingly transfer funds.
Google found that over 95% of malware exploiting key runtime permissions frequently abused in financial fraud comes from the internet 'sideloading' - installation from web browsers, messaging apps or file managers rather than official app stores.
So its new pilot will automatically block the installation of apps from those sources that declare they need access to features commonly misused by fraudsters.
Specifically, the installation will be blocked for apps that request permission (RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility) to directly access SMS messages, read notifications on the device, or use accessibility services to view screen content. Google has observed major fraud malware families exploiting these sensitive permissions to intercept texts containing one-time passwords or spy on a victim's screen.
The tech company has already seen a positive impact from recent improvements to its Play Protect scanning system. An enhanced real-time scanning feature deployed in India, Thailand, Philippines and Brazil has so far identified 515,000 new malicious apps and prompted over 3.1 million blocks or warnings.
"Play Protect is constantly improving its detection capabilities with each identified app, allowing us to strengthen our protections for the entire Android ecosystem," Google stated.
The new pilot will undergo close monitoring and review by the Singapore authorities, with the potential for adjustments based on results. Google will also continue supporting CSA through malware analysis, sharing threat intelligence, and creating educational resources for users and developers.
For developers, Google advises carefully reviewing app permissions to ensure they are strictly limited to features actually required by the software. Sensitive permissions like those targeted by the pilot should only be requested if absolutely necessary for core functionality that does not violate Android anti-malware policies.
Developers whose apps are impacted by the pilot can refer to updated Google Play guidelines around security warnings and file appeals if required. However, the company says potentially affected apps "should only request permissions that the app needs to complete an action" and must not engage in anything "that could be considered potentially harmful or malware".
Google emphasizes that industry collaboration is key to effectively protecting users against the fast-evolving mobile security threat landscape, declaring "an unwavering commitment to protecting our users around the world." It looks forward to partnering further with government agencies, industry partners and other stakeholders on defenses against scammers and fraud.