Sunday, January 19, 2025
HomeCyber Security NewsGoogle Blocked Malicious Sideloading Apps for Indian Users

Google Blocked Malicious Sideloading Apps for Indian Users

Published on

SIEM as a Service

Follow Us on Google News

Google has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India.

Cybercrime continues to be a significant concern in India, with consumers losing substantial amounts of money to fraudulent activities.

According to the Indian Cyber Crime Coordination Centre (I4C), in just the first four months of 2024, Indians reportedly lost over ₹1,750 crore (approximately USD 212 million) to cybercriminals.

This alarming figure underscores the need for enhanced protective measures to safeguard users from online threats.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Google Play Protect: A Robust Security System

Android’s built-in security system, Google Play Protect, protects users from harmful apps. It scans over 200 billion apps daily, identifying and blocking potential threats.

Last year, Google introduced real-time scanning to protect users from malicious internet-sideloaded apps better. This feature has proven effective, identifying over 10 million malicious apps globally. 

The new pilot program will expand Google Play Protect’s capabilities by enhancing fraud protection for apps installed from internet-sideloading sources such as web browsers and messaging apps.

This initiative follows successful pilots in Singapore, Thailand, and Brazil, where nearly 900,000 high-risk installations were blocked in Singapore alone.

Enhanced Fraud Protection: How It Works

The enhanced fraud protection will automatically block the installation of apps requesting sensitive permissions frequently abused for financial fraud. These permissions include RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility services.

Enhanced proactive protection against apps used in fraud scams
Enhanced proactive protection against apps used in fraud scams (source: google)

Google’s analysis revealed that over 95% of installations exploiting these permissions originated from internet-sideloading sources. 

Once the pilot begins next month in India, Play Protect will block any app installation from an internet-sideloading source declaring these permissions.

Users will receive an explanation regarding the block, helping them understand the potential risks involved.

The success of this initiative relies on collaboration with various stakeholders. Sugandh Saxena, CEO of the Fintech Association for Consumer Empowerment, emphasized the importance of safe digital platforms and praised Google’s efforts as a critical tool in combating financial crimes.

This collaborative approach aims to create a secure mobile experience for all Android users by working closely with governments, industry partners, and other stakeholders.

Preparing Developers for Change

Developers distributing apps that may be affected by this pilot are encouraged to review their app permissions and adhere to best practices for safeguarding user data.

Google has provided updated developer guidance to help address potential issues and offers instructions for filing appeals if necessary. 

As the pilot rolls out across Android devices with Google Play services in India next month, it marks a significant step forward in protecting users from financial fraud and enhancing overall digital security.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....