Google pilots block sideloaded apps in India

As online fraud and scams continue to increase across India, Google has announced plans for a major change in the country as it tries to mitigate the issue: it plans to block side-loading of certain apps, especially those users trying to download directly from the Internet. . The pilot – announced at Google’s annual event for India on Thursday – is part of what it described as “enhanced fraud protection” within Google Play Protect.

Sideloading, where users download apps to their Android phones via the official Google Play app store, has been a serious problem for Google in the country before now, and this move shows that Google is slowly tightening its policies on this practice, not just. in India but in other regions.

Last October, Google also introduced a real-time scanning protection feature in India, which aims to prevent side-loading of malicious apps. But when TechCrunch tested the feature with more than 30 malicious apps, we found that while it blocked most of them, some malicious loan apps bypassed the protection.

Meanwhile, in February, Google rolled out improved fraud protection in Singapore. The company said the move helped prevent 900,000 high-risk infections in the Southeast Asian country over six months.

To be clear, the pilot announced today during the event in India will not be heard saying death everything sideloading in the country. Users will still be able to sideload offline apps, and use third-party app stores, from what we understand.

What is Google the will do analyze and automatically prevent sideloading through the phone’s web browser, any messaging application (Android or other), or any file manager, if the installation of a particular application requests sensitive permissions, such as access to SMS, notifications, and accessibility features. That’s because these permissions often allow fraudsters to steal one-time passwords, financial information, and other sensitive data.

The improved protection will “check the permissions announced by the application in real time and specifically look for permission requests that are often exploited by fraudsters to capture one-time passwords via SMS or notifications, as well as check the screen content (they are RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility),” it said. Google in a blog post.

After the driver starts, Google said that Play Protect will automatically block such installations by definition.

Google said it focused on this side traffic because – based on its analysis of major malware families that exploit sensitive permissions – more than 95 percent of suspicious installations come from these sources.

Google did not immediately respond to questions about when and where the feature would go live.

Google says its existing fraud protection in India has saved more than $1.55 billion since last year and has shown 41 million alerts about Google Pay fraud to Indian users. The integration of Play Protect on Android devices has also helped identify 10 million malicious apps worldwide, the company added. However, fraudsters still find ways to cheat the system and prey on gullible people in the world’s most populous country.

Google has been taking a multi-pronged approach to the issue of mobile app fraud in India.

Last year, it announced a program called DigiKavach in India, where it works with firms and industry associations in the financial sector to reduce financial fraud. The company has also partnered with the Indian Cyber ​​​​Crime Coordination Center and entered Google Pay into the Indian government’s national Cyber ​​Crime Reporting database to detect red flags and help investigate fraudulent financial activities.

However, the situation has worsened. In 2022, TechCrunch reported on how animal lending apps in India led to cases of people taking their own lives. The central bank and government agencies have introduced different ways to reduce the risk of people being targeted by these apps. However, fraudsters still find loopholes in the system to prey on their prey.

Along with the Play Protect update, Google on Thursday announced that it will launch a new Google Security Engineering Center in India by 2025 which the company said is “dedicated to building and improving security and cyber security products and solutions.”

The center will have Google security engineers working with local policy experts, government partners, and academics to address “the nation’s cyber security challenges, focused on protecting users from threats such as scams and fraud, strengthening business and government security, and promoting cutting-edge research.” and development.”