
Google Play Protect testing enhanced financial fraud protection

Last year, Google announced that Play Protect would prompt you to scan unknown Android apps before sideloading. Google is now piloting enhanced financial fraud protection for Play Protect.

Play Protect will “analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps or file managers).”

This enhancement will inspect the permissions the app declared in real-time…

Google is specifically looking for financial fraud apps that request the RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility permissions. They can be used by fraudsters to intercept one-time SMS or notification-based passwords and spy on screen content. 

Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 percent of installations came from Internet-sideloading sources.

Rolling out via Google Play services, this pilot is starting in the coming weeks for Android users in Singapore. After throwing up an “App blocked by Play Protect” message, Google will provide an explanation to the user: “This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud.”

Google has partnered with the Cyber Security Agency of Singapore (CSA) and notes how “this enhanced fraud protection has undergone testing by the Singapore government.” 

Together with CSA, we will be closely monitoring the results of the pilot program to assess its impact and make adjustments as needed. We will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.

Developers are advised to review app permissions and follow best practices, while updated guidance provides “tips on how to help fix potential issues with your app and instructions for filing an appeal if needed.”

Meanwhile, Play Protect’s real-time scanning is said to have “made a significant impact on user safety” in India, Thailand, Singapore and Brazil. It has identified 515,000 new malicious apps and has issued more than 3.1 million warnings or blocks.


Author

Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com