SINGAPORE — Some Android users in Singapore will automatically be blocked from installing apps from unverified sources, with a new security feature that Google plans to progressively roll out in the coming weeks.

It is part of a trial to better protect users against malware scams and was developed in partnership with the Cyber Security Agency of Singapore (CSA).

“Singapore will be the first country to begin a phased pilot of this feature on Android devices in the next few weeks,” Google said in a media release, adding that this builds on the existing Google Play Protect malware protection system.

When users try to install an application from unverified app stores, also known as sideloaded apps, Google’s latest security feature will automatically block it if it uses sensitive runtime permissions frequently abused for financial fraud.

Runtime permissions give an app additional access to restricted data like SMSes and phone notifications.

Users will be served an explanation if attempts to download a suspicious app are blocked.

In a previous update of Google Play Protect, users were recommended to conduct a real-time app scan to better detect whether an Android app may be infected with malware. When the scan was completed, users were notified about whether it could be safely installed. 

Mr Eugene Liderman, director of Android security strategy at Google, told CNA the real-time scanning enhancement to Google Play Protect was fully rolled out in Singapore in November 2023.

Since the launch of real-time scanning last October, Google said it has helped identify over 515,000 potentially harmful apps, and blocked or warned users almost 3.1 million times when they attempted to install such apps. 

Scam victims are often directed to download an Android package kit (APK) file through sources such as websites, messaging apps or file managers. 

“Members of the public are advised not to download any suspicious APK files on their devices as they may contain malware which will allow scammers to access and take control of the device remotely as well as to steal passwords stored in the device,” the police said in an advisory last July. 

Sideloaded apps typically ask for permission to read and receive SMSes and notifications, and grant accessibility to devices.

These permissions enable scammers to intercept one-time passwords via SMS or from notifications and spy on screen content, said Google.

The tech giant’s newest security feature is designed to look out for such permissions, which are “frequently abused by fraudsters”, and block the app’s installation.

“Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 per cent of installations came from internet-sideloading sources,” it added. 

ONGOING FIGHT AGAINST MALWARE SCAMS

Over 750 cases of Android malware-related scams were reported in the first half of 2023, with victims losing more than S$10 million, the police said last September.

“The fight against online scams is a dynamic one. As cybercriminals refine their methods, we must collaborate and innovate to stay ahead. Through such partnerships with technology players like Google, we are constantly improving our anti-scam defences to protect Singaporeans online and safeguard their digital assets,” CSA deputy chief executive Chua Kuan Seah said.

Google added that more anti-scam features are in the pipeline, as a “safe and trusted experience” on Android is a “top priority” for the company.  

“This pilot in Singapore is just one of many new things to come to help keep our users safe,” said Mr Liderman.

“We will be closely monitoring the results of the pilot to assess its impact and make adjustments as needed. We will also continue to work with other ecosystem partners, as deep industry collaboration and joint user education are key to fighting this evolving threat.”

Besides rolling out new cybersecurity features, Google will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources. CNA

Share.

Leave A Reply

© 2024 The News Singapore. All Rights Reserved.