Google has launched a collaborative initiative, 'enhanced fraud protection', in conjunction with Google Play Protect, to strengthen defenses against financial fraud targeting Android users. The inaugural phase of the program is scheduled for introduction in Singapore, backed by the Cyber Security Agency of Singapore (CSA) in the near future. In a blog post, Google underscored the strategic alliance with CSA, underscoring the program's significance in protecting Android users from potential mobile financial fraud.
The advanced fraud protection feature will assess and automatically prevent the installation of applications that exploit sensitive runtime permissions, commonly used for financial fraud. Specifically, the system targets applications sourced from Internet sideloading channels, such as web browsers, messaging apps, or file managers.
Google clarified that the enhancement involves scrutinizing real-time permissions declared by the app, specifically focusing on four runtime permission requests: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. These permissions are frequently abused by scammers to capture one-time passwords through SMS or notifications and observe screen content. Google's analysis disclosed that more than 95% of installations of prominent fraud malware families, leveraging these permissions, originated from Internet sideloading channels.
Chua Kuan Seah, Deputy Chief Executive of CSA, underscored the significance of collaborations with tech entities like Google to consistently enhance defenses against scams, safeguarding online users and their digital assets. The 2023 Global State of Scams Report from the Global Anti-Scam Alliance highlighted that 78% of surveyed mobile users encountered at least one scam in 2023. Among respondents, 45% reported an increase in scams over the past 12 months.