Google’s proposed overhaul aims to tackle a pervasive issue head-on by introducing measures to curtail sideloading of certain apps, specifically those obtained directly from the internet. Google has unveiled a new pilot programme, announced during its annual Google for India event on Thursday, which is part of the company’s “enhanced fraud safety” initiative within Google Play Protect.
Sideloading, where customers install apps on their Android devices outside of the official Google Play Store, has long posed a vexing challenge for Google in India, among other regions, and this move signals that Google is incrementally refining its policies globally.
In late October, Google rolled out a real-time scanning security feature in India to curb the rampant issue of sideloading malicious applications. When we reported on TechCrunch, we found that although many predatory mortgage apps were blocked, some cunning ones managed to evade the safeguards.
Meanwhile, in February, Google quietly announced. The corporation credited the initiative with preventing 900,000 high-risk installations across Southeast Asia within a span of just six months.
While the recent pilot in India may have raised concerns about the future of sideloading apps, it is unlikely to mark the end of this practice in the country? Customers will still be able to sideload offline apps, as well as utilize third-party app stores, based on our understanding.
Google prohibits sideloading by analyzing and robotically blocking installations through a mobile device’s web browser, messaging apps (regardless of platform), and file managers when an app requires sensitive permissions, such as access to SMS, notifications, and accessibility settings? As a direct consequence of these permissions, fraudsters are able to pilfer one-time passwords, financial credentials, and other sensitive information with ease.
The enhanced safety feature will scrutinise the app’s declared permissions in real-time, focusing specifically on those repeatedly exploited by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on display content (RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility).
Following the pilot’s initiation, Google announced that Play Defender would automatically thwart these installations with evidence.
Google has identified a significant pattern: more than 95 percent of suspicious app installations come from just a few specific sideload scenarios, driven by the primary fraud malware families that exploit sensitive permissions due to their evaluation.
Google remained tight-lipped about the exact timeline and location where this feature would become available.
According to Google, its existing fraud safeguards in India have prevented more than $1.55 billion worth of financial scams over the past year, while issuing 41 million alerts for potentially fraudulent transactions on Google Pay to Indian users. The Google Play Protect integration on Android devices has successfully detected and removed over 10 million malicious applications worldwide, according to the company’s announcement. Despite efforts to combat fraud, it remains a significant problem in India, the world’s second-most populous country.
Google has been employing a multifaceted approach to combat fraud involving mobile applications in India.
In its final 12 months, the organization has launched a novel initiative in India, partnering with companies and financial institutions to curb financial frauds. The corporation also collaborated with the Indian Cyber Crime Coordination Centre, integrating Google Pay into India’s nationwide cybercrime reporting platform, thereby gaining vital insights to support investigations of fraudulent financial transactions.
Despite the dire circumstances, the situation remained grave. In 2022, TechCrunch shed light on the proliferation of predatory mortgage apps in India, revealing a concerning trend. Central banks and regulatory bodies have implemented various measures to mitigate the risk of individuals falling prey to such applications. Despite efforts to prevent fraud, cunning criminals still find ways to exploit vulnerabilities and target unsuspecting victims.
Google announced on Thursday the establishment of a new Google Security Engineering Centre in India for 2025, designed to develop and enhance online security products and solutions.
The midpoint sees Google’s security experts collaborating with indigenous cybersecurity specialists, government agencies, and academic institutions to address the country’s “online security concerns,” focusing on safeguarding users from threats such as scams and fraud, enhancing business and government security, and propelling pioneering research and innovation.
