Google Play Protect Now Offers Enhanced Protection Against Financial Fraud For Android Users.
Google Play is adding more layers of security to Play Protect to help prevent financial fraud. We are developing an anti-fraud project that will first be tested in Singapore in the coming weeks.
Google said in a blog post that it has seen a sharp increase in fraud cases. The Global Anti-Scam Alliance's 2023 State of Global Fraud report found that approximately 78% of survey respondents experienced at least one scam in the past year. 45% of respondents highlighted an increase in fraud over the past 12 months.
To address this issue, Google is launching a pilot anti-fraud project in collaboration with the Cybersecurity Authority of Singapore (CSA). Initially, the first pilot will only target Android users in Singapore.
The pilot project detects the runtime permissions your app requests in real-time when a user downloads the app. Look for requests like RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility.
This is a common tactic used by scammers for financial fraud whenever individuals sideload applications from the internet. Blog post notes:
- “This enhanced fraud protection feature prevents the installation of apps that may use sensitive runtime permissions that can often be abused for financial fraud when users attempt to install apps from Internet sideloading sources (web browsers, messaging apps, or file managers). Analyzes and automatically blocks. This improvement examines permissions declared by apps in real-time and specifically looks for four runtime permission requests: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. These permissions are often abused by fraudsters to intercept one-time passwords or spy on-screen content via SMS or notifications. “Our analysis of the major families of fraudulent malware that exploit these sensitive runtime permissions shows that over 95% of installations come from Internet sideloading sources.”
Simply put, the pilot project aims to block any app from being installed whenever such a permission request is detected. Google Play Protect also issues notifications to notify users about your app. Google said the Singapore government tested this pilot project to help prevent fraud. This feature will be released on Android devices that support Google Play.
The company also highlighted several protocols for app developers. It was suggested that developers ensure that the permissions requested by their apps comply with the Unwanted Mobile Software Principle.
Apps should only request the essential permissions they need to run smoothly. However, if developers are running into issues, they can refer to Google's updated guidance on Play Protect warnings. If the issue is not resolved, you may also file an appeal.
In October 2023, Google introduced a feature that prompts users to scan unknown apps to prevent fraud. This feature scans apps at the code level and if new threats are found, it notifies the user to take appropriate action by not installing the application. In the latest update, improved fraud protection scans for malicious apps and automatically blocks them.