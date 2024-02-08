



To reduce financial fraud, Google has launched a new program in Singapore that prevents users from sideloading certain apps. The company is trying to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications.

Google said there are four sets of privileges that bad actors can abuse to commit financial fraud. According to the company's research, most of these apps are sideloaded, meaning they are manually installed on the device rather than through the Play Store.

“These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, or to spy on content on your screen. “Based on our analysis of the leading fraudulent malware families we exploit, we found that over 95% of installations come from Internet sideloading sources,” the company said in a blog post.

The search giant said that if a user in Singapore attempts to install such an app, Google will automatically block the attempt with a message pop-up that reads: “This app may request access to sensitive data. This may increase the risk of identity theft and financial fraud.”

Google developed this pilot in collaboration with the Cyber ​​Security Authority of Singapore (CSA) as part of the Play Protect program.

In October last year, the company announced the first rollout in India of real-time scanning protection that prevents users from sideloading malicious apps. In November, TechCrunch conducted a test using more than 30 malicious apps. Although Google's protections blocked most of them, some predatory loan apps were able to successfully install.

This recent enhancement adds real-time code-level scanning to Google Play Protect to combat new malicious apps, whether they're downloaded from Google Play or elsewhere. Google spokesperson Scott Westover said in an email to TechCrunch. At that time. These features will continue to evolve and improve over time as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.

Since then, Google has expanded its real-time scanning capabilities to new regions such as Thailand, Singapore, and Brazil.

In its latest announcement, Google warned developers that their apps must not violate the Mobile Unwanted Software Principles and should follow guidelines.

Fraudulent loan apps are a thorn in Google's side in regions like India and Africa. Google has come under intense scrutiny in India after predatory loan apps and their representatives harass people with demands for repayments, leading some to commit suicide.

Last year, Google introduced a new policy that prohibits loan apps from accessing users' photos and contact details.

