Google Testing New Ways to Block Unreliable App Installation, Combat Financial Frauds

The new enhanced financial fraud protection is part of Google Play Protect.

  • Google Play Protect will block apps using sensitive runtime permissions to intercept SMS and notifications.
  • The new mechanism will kick in when installing an app through a sideloading source.
  • The feature will be piloted on Android devices in Singapore in the coming weeks.

Financial fraud protection has become an more important concern on smartphones given the ever-increasing cases of online scams and improved tactics by scammers. Since Android users are easier to prey on because of the openness of the operating system, Google keeps coming up with new ways to combat financial fraud and scams. Its latest announcement is enhanced financial fraud protection through Google Play Protect. The goal is to block suspicious app installations through internet-sideloading sources.

Google is piloting enhanced financial fraud protection in collaboration with the Cyber Security Agency of Singapore (CSA). The new Google Play Protect feature will analyze apps that may use sensitive runtime permissions to scam users. It will specifically look for the following four permissions: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility.

Such scam apps are commonly known to read SMSes and notifications so that they can intercept one-time passwords (OTPs). They also tend to spy on-screen content to get access to sensitive information. In future, whenever Google Play Protect detects an app using any of the permissions mentioned above at the time of the installation, it will automatically block the app.

The enhanced financial fraud protection will kick in when installing an app via an internet-sideloading source. This includes installing an APK through file managers, web browsers, and messaging apps. The new protection feature will be rolled out to Android devices with Google Play services in Singapore in the coming weeks.

Google Financial Fraud Protection Features in India

The aforementioned financial fraud protection relies on tech to block apps which means while it should be effective, it cannot offer protection against all types of social engineering tricks used by scammers. We know Indian fraudsters often rely on social engineering and pretend to be someone else and use other means like requesting payment via UPI to dupe users.

This is the reason we would suggest users remain careful when dealing with anyone unknown, especially those offering sudden and quick payments. Some of the commonly recommended tips to keep in mind include avoiding clicking on suspicious URLs, not sharing OTPs, and never transferring money when the other person seems to be in a hurry. Whenever you feel the slightest of doubts, it is always better to not move ahead with whatever the other person is telling you to do.

Google recently launched DigiKavach feature to curb financial fraud in India. It has been developed in partnership with the Fintech Association for Consumer Empowerment (FACE). It will collect all financial scam data to create a model of thefts. It will look for breakthrough points to detect such scams and share them with the government and cyber department officials.

In other news, the government is considering adding a time delay to the first transactions between users. It could introduce a minimum of four-hour delay for payments above Rs 2,000. The change could cover all types of payment modes including UPI, RTGS, and IMPS. The delay would apply only to the first transaction between the two uses to reduce financial fraud.