Play Protect will “analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps or file managers).”
This enhancement will inspect the permissions the app declared in real-time…
Google is specifically looking for financial fraud apps that request the RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility permissions. They can be used by fraudsters to intercept one-time SMS or notification-based passwords and spy on screen content.
Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 percent of installations came from Internet-sideloading sources.
Rolling out via Google Play services, this pilot is starting in the coming weeks for Android users in Singapore. After throwing up an “App blocked by Play Protect,” Google will provide an explanation to the user: “This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud.”
Google has partnered with the Cyber Security Agency of Singapore (CSA) and notes how “this enhanced fraud protection has undergone testing by the Singapore government.”
Together with CSA, we will be closely monitoring the results of the pilot program to assess its impact and make adjustments as needed. We will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.
Developers are advised to review app permissions and follow best practices, while updated guidance provides “tips on how to help fix potential issues with your app and instructions for filing an appeal if needed.”
Meanwhile, Play Protect’s real-time scanning is said to have “made a significant impact on user safety” in India, Thailand, Singapore and Brazil. It has identified 515,000 new malicious apps and has issued more than 3.1 million warnings or blocks.
FTC: We use income earning auto affiliate links. More.