Google Announces Enhanced Fraud Protection for Android

February 13, 2024
Posted by: Evans Asare

Google announces enhanced fraud protection for Android users

Google this week announced a pilot feature designed to improve Android’s protections against financial fraud attacks. Part of Google Play Protect, the enhanced fraud protection will block the installation of sideloaded applications that request sensitive runtime permissions that are frequently abused by fraudsters.

The feature will analyze attempts to install applications from internet-sideloading sources, such as browsers, file managers, or messaging applications, inspecting the permissions the app declared in real-time, specifically looking for four requests: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility.

“These permissions are frequently abuse by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on screen content,” Google notes.

According to the internet giant, more than 95% of the fraud and malware families typically requesting these permissions are installed from sideloading sources.

“During the upcoming pilot, when a user in Singapore attempts to install an application from an Internet-sideloading source and any of these four permissions are declared, Play Protect will automatically block the installation with an explanation to the user,” Google explains.

The internet giant says it will work with CSA on monitoring the results of the pilot to assess the impact and make adjustments, and that it will also assist the agency with detection and analysis through sharing malware insights and techniques.

What has been said?

Developers are advised to review the permissions their applications request to ensure that they only ask for the permissions they need and that they do not violate the Mobile Unwanted Software principles.

“Always ensure that your app does not engage in behavior that could be considered potentially harmful or malware,” the internet giant points out.

Google cites the Global Anti-Scam Alliance’s 2023 state of scams report, which claims financial fraud losses surpassed $1 trillion, with 78% of mobile phone users experiencing at least one scam over the past year and 45% noting an increase in scams.

The enhance fraud protection pilot program comes roughly four months after Google Play Protect got real-time code scanning for applications never install before, to alert users of previously unseen potentially harmful software.

“As a result of the real-time scanning enhancement, Play Protect has identify 515,000 new malicious apps and issue more than 3.1 million warnings or blocks of those apps,” Google says.