Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection
Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.
The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps, and file managers.
The program, which was first launched in Singapore earlier this February, has already blocked nearly 900,000 high-risk installations in the Southeast Asian nation, the tech giant said.
"This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive permissions frequently abused for financial fraud," Eugene Liderman, director of mobile security strategy at Google, said.
It works by examining the permissions declared by a third-party app in real-time and checking for permissions that are typically abused by malicious apps to read SMS messages and notifications, and leverage the accessibility services to serve overlays and perform other malicious actions.
Should any of the permissions be declared in the app's manifest ("AndroidManifest.xml") file, Google Play Protect will intervene to automatically block the installation on the end user's Android device.
The pilot is expected to start next month and is expected to be gradually rolled out to all Android devices running Google Play services in the country.
"For developers distributing apps that may be affected by this pilot, now is a good time to review the permissions your app is requesting and ensure you're following developer best practices," Liderman said.
The development comes nearly a year after Google launched DigiKavach (meaning "digital armor") in India to combat online financial fraud and safeguard users against scams and malware.
"Through this program, we're studying the methods and modus operandi of scammers, developing and implementing countermeasures to new emerging scams, and responsibly sharing these insights with committed experts and partners, to collectively help create a safer and more secure digital ecosystem for all," Google India head Sanjay Gupta noted back in October 2023.
source: TheHackerNews
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024