Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Google is piloting a new program to protect against financial fraud apps

Google Play Protect will block the sideloading of Internet-downloaded apps that use frequently abused permissions.
By
February 7, 2024
Google Play Services logo on smartphone Stock photo 1
Edgar Cervantes / Android Authority
TL;DR
  • Google is piloting a new way to tackle financial fraud by blocking the installation of apps that use frequently abused permissions.
  • Many financial fraud apps have exploited permissions related to SMS, notifications, and accessibility.
  • If an app with these permissions is being installed from external sources such as web browsers, messaging apps, or file managers, Google Play Protect will block its installation.

Android is much loved for being an open platform. Users can install apps from sources outside the Google Play Store, but that coin has two sides. The freedom to install any app you like is weighed down by the fact that regular users often fall victim to fraud after downloading shady apps from the internet. The problem is undoubtedly present, so Google is now testing a new program that helps protect users against financial fraud apps.

Through Google Play Protect, Google is piloting enhanced fraud protection on Android devices that ship with Google Play Services. This program is being launched in Singapore in the coming weeks, and we presume a broader rollout will happen based on the pilot’s success.

Under this pilot, Google Play Protect will analyze and automatically block the installation of apps that use sensitive permissions (frequently associated with financial fraud) if that app has been sideloaded from sources like web browsers, messaging apps, or file managers. This enhancement will look for these four runtime permissions:

  • RECEIVE_SMS
  • READ_SMS
  • BIND_Notifications
  • Accessibility

The rationale behind looking for these permissions is that fraudsters frequently abuse them to intercept one-time passwords, either by reading it through the SMS or by spying on-screen content and reading it through a notification.

When a user in Singapore attempts to install an app that declares the use of any of these four permissions and if that app’s apk file has been downloaded from a web browser, messaging app, or file manager, Play Protect will automatically block the installation with an explanation to the user.

Google Play Protect Financial Fraud Protection

Google says that this enhanced fraud protection has undergone testing by the Singapore government. The company will closely monitor this project’s impact and make adjustments as needed. For developers impacted by this change, Google recommends they appeal their app’s Google Play Protect classification status.

Got a tip? Talk to us! Email our staff at news@androidauthority.com. You can stay anonymous or get credit for the info, it's your choice.