Unless you’ve been living under a rock, you probably already know that scams are getting more sophisticated.

And if you’re an Android user, your iPhone user friends have probably laughed at you for having a phone that scammers prefer to target. 

However, things are about to change.

On 7 February, it was announced that Singapore Android users will be blocked from installing certain unverified apps as part of an anti-scam trial.

The measure will be rolled out progressively over the next few weeks.

Android Users to be Blocked from Installing Unverified Apps

Google developed the security feature in partnership with the Cyber Security Agency of Singapore (CSA).

The trial aims to better protect users against malware scams.

Google plans to roll it out progressively in the coming weeks.

Notably, Singapore will be the first country to try out this feature.

Google added that the feature builds on the existing Google Play Protect malware protection system.

Here’s how it works.

When users try to sideload an app, which is the process of installing a potentially risky app from unverified sources like web browsers or messaging platforms, the new feature will automatically block the app if it demands suspicious permissions like access to restricted data.

Restricted data includes SMSes and phone notifications.

While you may think you have nothing to hide, here’s why the feature does this.

Scammers often abuse such permission to read users’ one-time passwords or spy on-screen content.

Of course, these apps won’t be blocked randomly.

Android users will be given an explanation if attempts to download a suspicious app are blocked.

Image: Google

Google Play Protect

Google Play Protect is a security programme built into Android devices.

In a previous update, Android users were recommended to conduct a real-time app scan to better detect if an app may have malware.

Upon completing the scan, users were notified whether the app was safe to install.

Speaking to Channel News Asia, director of Android security strategy at Google Mr Eugene Liderman said that the scan feature was fully rolled out in Singapore in November 2023.

According to him, it has helped identify over 515,000 potentially harmful apps.

It has warned or blocked users nearly 3,100,000 times when attempting to install such apps.

He added that the newest feature will be crucial in preventing malware scams on Android phones.

Notably, the newest feature will be enabled by default through Google Play Protect.

Speaking to The Straits Times, Mr Liderman said that users cannot deactivate the pilot feature without deactivating all of Google Play Protect.

For their safety, he discouraged users from deactivating the programme.

How Malware Scams Work

Sideloaded apps can come in the form of apps used by overseas businesses that do not use the Google ecosystem.

Examples of such apps include device customisation tools and free versions of paid apps.

While this sounds like fun and games, the allowance of sideloaded apps on Android devices has tricked numerous users into installing apps that allow scammers to spy on their devices and gain access to their bank accounts.

Victims are often directed to download an Android package kit (APK) file through sources like websites, messaging apps or file managers.

Good deals on such platforms typically entice these victims.

Unfortunately, this is how scammers manage to hijack victims’ devices and steal their money.

Based on Google’s analysis of significant fraud malware families, over 95% of installations came from internet-sideloading sources.

In September 2023, the police reported that more than 1,400 victims fell prey to malware scams between January and August, with total losses amounting to at least $20,600,000.

That’s a lot of money.

In August 2023, a woman lost $20,000 after downloading a fake food delivery app.

The 54-year-old was looking for healthy tingkat (meal delivery service) meal options for her elderly parents and saw a good “deal” on Facebook.

The scammer sent the woman a link to install a third-party app resembling Grain, the local caterer. 

Why Android Devices Are More Susceptible to Malware Scams Than Apple Devices

In 2023, head of regional trust and safety operations for Google Play Asia Pacific, Mr Aman Dayal, told TODAY that Android was built as an “open-source mobile operating system”.

Open-source software allows anyone to publicly access, inspect, modify and enhance. 

While the openness means fewer restrictions, it increases the risks of malware scams,

For instance, this openness can be exploited by cybercriminals.

With the increase in the prevalence of malware scams targeting Android users, other safety measures have also been implemented.

Samsung, which runs on Android, launched Auto Blocker for Samsung Galaxy device users who are using the One UI 6 software in November 2023.

The feature bars sideloaded apps from unverified sources and has to be activated in the settings menu.

In October 2023, CSA released a list of recommended antivirus apps to prevent scams.

The apps in the list have features like malware and phishing detection and cater to Android and iOS users.

Android:

  • Avast Antivirus and Security (Free)
  • AVG Antivirus and Security (Free)
  • Kaspersky Antivirus and VPN (Paid)
  • Lookout Security and Antivirus (Paid)
  • McAfee Security: VPN Antivirus (Paid)
  • Mobile Security and Antivirus (Trend Micro) (Paid)
  • Norton360 Antivirus and Security (Paid)

iOS:

  • Avast Security and Privacy (Free)
  • AVG Mobile Security (Free)
  • Kaspersky: VPN and Antivirus (Paid)
  • Lookout – Mobile Data Security (Paid)
  • McAfee Security: Privacy and VPN (Paid)
  • Norton360 Security and VPN (Paid)
  • TM Mobile Security (Paid)

Of course, there’s the trusty ScamShield app as well.

It filters incoming calls and SMSes from unknown contacts, including overseas numbers.

Mr Chua Kuan Seah, the deputy chief executive of CSA, acknowledged the evolving nature of malware scams, adding that the relevant bodies must continue to “collaborate and innovate” to stay one step ahead of scammers.

Google said that users can expect more anti-scam features in the future.

Mr Liderman noted that the pilot in Singapore is one of the many new things planned to keep Android users safe.

He added that Google will closely monitor the pilot’s results to make the necessary adjustments.

Furthermore, Google will continue working with its partners to collaborate on fighting malware threats.

The company will also support CSA by continuing to assist with malware detection and analysis, sharing insights and creating new resources to educate users and developers. 

By Frozen

Leave a Reply

Your email address will not be published. Required fields are marked *