Google tests real-time app scanning to protect Android users from financial fraud

Android is widely appreciated for its open platform nature, allowing users to install apps from sources outside the Google Play Store. However, this freedom comes with its own set of risks. While users enjoy the flexibility of installing any app they desire, they also face the downside of potential fraud, particularly when downloading questionable apps from the internet.

There's no denying the issue's existence, and Google is taking steps to address it. The tech giant is rolling out a new pilot program aimed at assisting Android phone users in avoiding scams targeting their money and personal information. In a blog post, Google shared it will soon start testing a feature to bolster fraud protection through Google Play Protect.

Continuing its strategic partnership with the Cyber Security Agency of Singapore (CSA), Google is set to launch the first pilot of this initiative in Singapore in the coming weeks. The upgraded fraud protection will analyze and automatically prevent the installation of apps that might exploit sensitive runtime permissions, commonly abused for financial fraud. This action will be taken when users try to install the app from sources outside the Google Play Store, such as web browsers, messaging apps, or file managers.

This enhancement will examine the permissions declared by the app in real time, focusing on four specific runtime permission requests: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. Fraudsters commonly exploit these permissions to intercept one-time passwords via SMS or notifications, as well as to monitor screen content.