Singapore Android users to be blocked from installing certain unverified apps as part of anti-scam trial

SINGAPORE: Android users in Singapore will automatically be blocked from installing apps from unverified sources, with a new security feature that Google plans to progressively roll out in the coming weeks.

It is part of a trial to better protect users against malware scams and was developed in partnership with the Cyber Security Agency of Singapore (CSA).

"Singapore will be the first country to begin a phased pilot of this feature on Android devices in the next few weeks," Google said in a media release, adding that this builds on the existing Google Play Protect malware protection system.

When users try to install a potentially risky app from sources such as web browsers or messaging platforms - a process known as sideloading - Google's latest security feature will automatically block the app if it demands suspicious permissions such as access to restricted data like SMSes and phone notifications.

Such permissions have been abused by scammers to read users' one-time passwords or spy on screen content, for instance.

Android users will be served an explanation if attempts to download a suspicious app are blocked.

This is Google's latest effort to safeguard mobile users against malware scams.

In a previous update of Google Play Protect - a security program built into Android devices - users were recommended to conduct a real-time app scan to better detect whether an app may be infected with malware. When the scan was completed, users were notified about whether it could be safely installed.

Eugene Liderman, director of Android security strategy at Google, told CNA that this real-time scanning enhancement to Google Play Protect was fully rolled out in Singapore in November 2023.

It has helped identify over 515,000 potentially harmful apps and blocked or warned users almost 3.1 million times when they attempted to install such apps, according to Mr Liderman.

He added that the latest feature that will be rolled out in the coming weeks will offer "vital protection" to many mobile users.

FIGHT AGAINST MALWARE SCAMS

The issue of malware-related scams targeting Android users has made headlines in recent months, raising questions about whether Android devices are more susceptible.

More than 750 cases were reported in the first half of 2023, with victims losing more than S$10 million (US$7.4 million), the police said last September.

Scam victims are often directed to download an Android package kit (APK) file through sources such as websites, messaging apps or file managers.

Google said its newest security feature is designed to look out for suspicious permissions such as access to restricted data like SMSes and phone notifications.

"Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 per cent of installations came from internet-sideloading sources," it added.

"The fight against online scams is a dynamic one. As cybercriminals refine their methods, we must collaborate and innovate to stay ahead. Through such partnerships with technology players like Google, we are constantly improving our anti-scam defences to protect Singaporeans online and safeguard their digital assets,” CSA deputy chief executive Chua Kuan Seah said.

Google added that more anti-scam features are in the pipeline.

"This pilot in Singapore is just one of many new things to come to help keep our users safe," said Mr Liderman.

"We will be closely monitoring the results of the pilot to assess its impact and make adjustments as needed. We will also continue to work with other ecosystem partners, as deep industry collaboration and joint user education are key to fighting this evolving threat.”

Besides rolling out new cybersecurity features, Google will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, as well as creating user and developer education resources.