Google is piloting a new program to protect against financial fraud apps

Android is much loved for being an open platform. Users can install apps from sources outside the Google Play Store, but that coin has two sides. The freedom to install any app you like is weighed down by the fact that regular users often fall victim to fraud after downloading shady apps from the internet. The problem is undoubtedly present, so Google is now testing a new program that helps protect users against financial fraud apps.

Through Google Play Protect, Google is piloting enhanced fraud protection on Android devices that ship with Google Play Services. This program is being launched in Singapore in the coming weeks, and we presume a broader rollout will happen based on the pilot’s success.

Under this pilot, Google Play Protect will analyze and automatically block the installation of apps that use sensitive permissions (frequently associated with financial fraud) if that app has been sideloaded from sources like web browsers, messaging apps, or file managers. This enhancement will look for these four runtime permissions:

• RECEIVE_SMS
• READ_SMS
• BIND_Notifications
• Accessibility

The rationale behind looking for these permissions is that fraudsters frequently abuse them to intercept one-time passwords, either by reading it through the SMS or by spying on-screen content and reading it through a notification.

When a user in Singapore attempts to install an app that declares the use of any of these four permissions and if that app’s apk file has been downloaded from a web browser, messaging app, or file manager, Play Protect will automatically block the installation with an explanation to the user.

Google says that this enhanced fraud protection has undergone testing by the Singapore government. The company will closely monitor this project’s impact and make adjustments as needed. For developers impacted by this change, Google recommends they appeal their app’s Google Play Protect classification status.