TO combat identity theft and financial fraud, Google has partnered with the Cyber Security Agency of Singapore (CSA) to block the installation of apps directly onto devices, also known as sideloading, in the island nation.
Sideloading is done via APK files downloaded through web browsers or links sent via messages, potentially from scammers.
The enhanced security feature, part of Play Protect, will analyse and automatically block the sideloading of apps that may use sensitive runtime permissions frequently abused for financial fraud.
“These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on screen content.
“Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95% of installations came from Internet-sideloading sources,” Google said in a blog.
APK installation scams are a subject of concern across the globe. During the festive season last September, an APK scam targeting mooncake purchases defrauded 27 victims in Singapore, amounting to approximately S$325,000 (RM1.15mil).
The feature is being piloted in Singapore first, but there is no indication when or if it will be rolled out in other countries.
In October, Play Protect received an update that allowed it to scan app code for malicious behaviour during installations. Initially launched in India, it is expected to be rolled out to other countries.