SINGAPORE - Android users here will be blocked from installing apps from unverified sources, a process called sideloading, as part of a new trial by Google to crackdown on malware scams.
The security tool will work in the background to detect apps that demand suspicious permissions, like those that grant the ability to spy on screen content or read SMS messages, which scammers have been known to abuse to intercept one-time passwords.
Singapore is the first country to begin the gradual roll out of the security feature over the next few weeks, done in collaboration with the Cyber Security Agency of Singapore (CSA), according to a statement on Feb 7 by Google, which develops the Android software.
The update will progressively arrive on all Android users’ devices and will be enabled by default through Google Play protect, said Google’s Director of Android Security Strategy Eugene Liderman, in reply to The Straits Times.
Users who are blocked from downloading a suspicious app will be notified with an explanation.
Users cannot deactivate the pilot feature without disabling all of Google Play Protect, said Liderman, adding that deactivation is not recommended for user safety.
“We’ve designed the pilot this way, as fraudsters frequently use social engineering to convince users to deactivate mobile app protection warnings when scamming or stealing data from a victim.”
Liderman added: “Given the rise in financial fraud cases within the past year and the widespread use of Android phones in Singapore, this enhanced security feature will offer vital protection to many mobile users.”
In a malware scam, victims are typically directed to download an Android package kit (APK) file through sources such websites or messaging apps to receive gifts or deals. This was the mode of operations employed in major malware scam campaigns to hijack victims’ devices and steal their money.
More than 1,400 victims fell prey to malware scams between January and August, with total losses amounting to at least $20.6 million, the police said.
The feature marks Google’s most heavy-handed feature to stamp out malicious sideloaded apps.
Android users were earlier recommended to conduct a scan of their apps to be notified whether the app was safe to install.
Samsung, which runs on Android, also launched Auto Blocker One UI 6 for Samsung Galaxy device users in November. The tool, which has to be activated in the settings menu, bars sideloaded apps from unverified sources.
This article was first published in The Straits Times. Permission required for reproduction.