Google to Block Malicious Sideloaded Apps Exclusively for Indian Users


Google has announced the launch of an enhanced fraud protection pilot for Android users in the country. This initiative aims to block malicious sideloaded apps that exploit sensitive permissions to commit financial fraud.

According to the Indian Cyber Crime Coordination Centre (I4C), Indians lost over ₹1,750 crore (over $212 million USD) to cyber-criminals in the first four months of 2024 alone. This staggering figure underscores the need for robust cybersecurity measures to protect users from online threats.

EHA

Google Play Protect, Android’s built-in app security system, already scans 200 billion apps on devices every day to help users stay safe from harmful apps. However, the company recognizes that keeping up with the cyber threat landscape requires constant innovation.

The enhanced fraud protection pilot, which has already shown promising results in Singapore, Thailand, and Brazil, will analyze and automatically block the installation of apps that may use sensitive permissions frequently abused for financial fraud.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

These permissions include RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility, which are often exploited by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content, Google said.

Enhanced Protection

Based on Google’s analysis of major fraud malware families that exploit these sensitive permissions, over 95 percent of installations came from Internet-sideloading sources. Therefore, the pilot will focus on blocking sideloaded apps that request these permissions.

When a user in India attempts to install an application from an Internet-sideloading source and any of these four permissions are declared, Play Protect will automatically block the installation with an explanation to the user.

How Developers Can Prepare

Developers distributing apps that may be affected by this pilot are advised to review the permissions their app is requesting and ensure they are following developer best practices. They can also check out the latest resources to learn about how to safeguard user data.

Suppose an app is affected by the enhanced fraud protection pilot. In that case, developers can refer to Google’s updated developer guidance for Play Protect warnings for tips on how to help fix potential issues with their app and instructions for filing an appeal if needed.

Building a truly secure mobile experience is a collaborative effort, and Google is committed to working with governments, industry partners, and other stakeholders to help users stay safe. The company has received support from various organizations, including the Fintech Association for Consumer Empowerment and HDFC Bank Limited.

Sugandh Saxena, CEO, Fintech Association for Consumer Empowerment, said, “Giving people safe platforms to access digital financial services rests on several pillars. Our work tells us that fraudsters are misusing open web links to distribute malicious apps to harm customers in various ways. Google’s enhanced fraud protection pilot will be a vital toolkit to plug a critical gap in protecting customers from financial crimes.”

Manish Agrawal, Senior Executive Vice President & Head – Credit Intelligence & Control, HDFC Bank Limited, added, “Rapid digitisation of financial transactions in India over the past few years has spelled convenience to millions of people. It also requires consumers to be vigilant against cyber fraudsters. HDFC Bank is committed to educating about safe digital banking practices with multiple initiatives through the year. Google’s new pilot, Google Play Protect Enhanced Fraud Protection, is another step towards user security and app protection.”

The enhanced financial fraud protection pilot will start next month and will gradually roll out to all Android devices with Google Play services in India. This initiative is expected to help combat financial fraud and protect users from malicious, sideloaded apps.

Strategies to Protect Websites & APIs from Malware Attack => Free Webinar



Source link