Google Partners With the CSA on Security Feature Safeguarding Users From Malware-Enabled Scams

Google is enhancing the protection of Android users against malware-enabled scams.

The Singapore office of the search engine giant today announced it's working with the Cyber Security Agency of Singapore (CSA) to launch a new enhanced security feature within Google Play Protect that blocks the installation of potentially-risky sideloaded apps.

The security feature is being implemented to counteract new social engineering tactics of cybercriminals, where they deceive users into disabling safeguards and ignore proactive warnings under false pretences, like financial gain, savings or urgency to resolve an issue. Such cases often result in users downloading malicious apps from online sources like web browsers, messaging apps or file managers – a process called sideloading – and compromising their sensitive information or unknowingly transferring funds to scammers.

According to a recent Google Singapore 2024 scams survey, despite Singaporeans expressing confidence in spotting scams and avoiding them, one in two online users in Singapore still fall victim to online scams.

This is why Singapore will be the first country to begin a phased pilot of the new feature on Android devices in the next few weeks. The feature has undergone pre-testing and was developed as part of the ongoing partnership between Google and CSA on cybersecurity and anti-scam efforts, which was announced in October 2023.

Google touts that the feature should provide Android users in Singapore with an additional layer of protection.

When a user attempts to install a potentially risky app - from an internet-sideloading source such as web browsers, messaging apps or file managers - that uses sensitive runtime permissions, Google Play Protect automatically blocks the installation with an explanation to the user.

It also inspects permissions of the app declared in real-time and specifically look for four runtime permissions. These include reading SMSes (READ_SMS), receiving SMSes (RECEIVE_SMS), accessibility service (Accessibility) and notification listening service (BIND_Notifications).

Google said that sensitive permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or from notifications, as well as spy on screen content. From the company's analysis, up to 95% of malware families that exploit these runtime permissions come from Internet-sideloading sources.

"The fight against online scams is a dynamic one. As cybercriminals refine their methods, we must collaborate and innovate to stay ahead," said Mr Chua Kuan Seah, Deputy Chief Executive of CSA. "Through such partnerships with technology players like Google, we are constantly improving our anti-scam defences to protect Singaporeans online and safeguard their digital assets."

Apart from the new feature, Google will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.

• Google Singapore today announced it's working with the CSA to launch a new enhanced security feature within Google Play Protect that blocks the installation of potentially-risky sideloaded apps.

• The feature also inspects permissions of the app declared in real-time and specifically looks for four sensitive runtime permissions.

• Apart from the new feature, Google will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.