Google starts blocking users from sideloading certain apps in Singapore


Share post:

To reduce financial scams, Google has started a new program to prevent users from sideloading certain apps in Singapore. The company is looking to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications.

Google said there are four sets of permissions that bad actors exploit to commit financial fraud. According to the company’s survey, most of these apps are sideloaded, which are installed onto the device manually — not through the Play Store.

“These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content. Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 percent of installations came from Internet-sideloading sources,” the company said in a blog.

The search giant said when a user in Singapore tries to install any such app, Google will automatically block the attempt with a message pop-up that reads: “This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud.”

HRA gif 1

Image Credits: Google


Google has developed this pilot in collaboration with the Cyber Security Agency of Singapore (CSA) as part of its Play Protect program.

Last October, the company announced a real-time scanning protection feature — with the first rollout in India — to stop users from sideloading malicious apps. In November, TechCrunch performed a test with over 30 different malicious apps. And while Google’s protection feature blocked most of them, some predatory loan apps were successfully installed.

“With this recent enhancement, we’re adding real-time scanning at the code-level to Google Play Protect to combat novel malicious apps, regardless of if the app was downloaded from Google Play or elsewhere,” said Google spokesperson Scott Westover in an email to TechCrunch at that time. “These capabilities will continue to evolve and improve over time, as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.”

Since then, Google has expanded the real-time scanning feature to new regions including Thailand, Singapore, and Brazil.

With the latest announcement, Google alerted developers that their apps should not violate Mobile Unwanted Software principles and should follow guidelines.

Fraudulent loan apps have been a pain point for Google in geographies like India and Africa. In India, Google has to face scrutiny as predatory loan apps and their representatives have harassed people for repayment, driving some to suicide.

Last year, Google introduced a new policy to bar loan apps from accessing users’ photos and contact details.

Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Waymo can now charge for robotaxi rides in LA and on San Francisco freeways

Waymo received approval Friday afternoon from the California Public Utilities Commission to operate a commercial robotaxi service...

Rabbit’s Jesse Lyu on the nature of startups: ‘Grow faster, or die faster,’ just don’t give up

Rabbit co-founder and CEO Jesse Lyu isn’t afraid of death… the death of the company, at least....

Stay up-to-date on the amount of venture dollars going to underrepresented founders

Venture capital funding has never been robust for women or Black and brown founders. Alongside Crunchbase, we’ve...

MWC 2024: Everything announced so far, including Swayy’s app to tell friends where you’ll be next

The TechCrunch team is in Barcelona this week to bring you all the action going on at...

Is there anything AI can’t do?

Welcome to Startups Weekly — your weekly recap of everything you can’t miss from the world of...

Ultraleap is bringing haptic touch to cars and VR headsets

In May 2019, Ultrahaptics and Leap Motion became Ultraleap (not to be confused with Magic Leap, which...

Rants, AI and other notes from Upfront Summit

The venture capital stars were shining in Los Angeles this week at the Upfront Summit, an invite-only...

Threads says it will make its API broadly available by June

Meta-owned social network Threads said today that it will make its API broadly available to developers by...