Google is updating its security checks with significant modifications, targeting sideloading—and thus the common avenues for cyber-crooks. At its annual Google for India, the big tech company announced that it will eliminate sideloading of particular apps directly from the internet, keeping under lock its "advanced fraud protection" strengthened through Google Play Protect.
What Is Sideloading and Why Is Google Cracking it Down?
You probably have already heard about sideloading but do not know what it's all about. Well, it's the way of installing apps on Android devices, not from the Google Play Store, but through the website or other means.
This gives users much-needed flexibility, but it has also been an outlet for dangerous apps and fraudulent practices, especially in India. Google is emphasizing its policies around sideloading with this new push, a measure that could be a bellwether for other parts of the world, according to TechCrunch.
In the past, Google addressed sideloading and introduced its real-time scanning feature in October of last year. Such a tool was created to avoid the sideloading of malicious apps. The tool was not one hundred percent effective since some predatory loan apps managed to slip through the system.
Google Pilot Program in India: More Fraud Protection
Under its latest pilot program, Google will automatically block sideloading attempts made through web browsers, messaging apps, and file managers — if the app requests sensitive permissions such as those allowing access to SMS, notifications, and features for accessibility. Fraudsters most frequently exploit such permissions for stealing financial credentials, one-time passwords (OTPs), etc.
According to Google's blog post, the revamped protection will "inspect the permissions the app declared in real-time and specifically look for permission requests that are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content (they are RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility).
This is against high-risk app installations, and Google has said that more than 95% of such suspect installations come from these sources. After the pilot goes live, Play Protect will block such installations and explain to the user, enhancing transparency.
Global Success and Next Steps for India
Google's fraud effort has already reaped successes in other regions. Advanced fraud protection was rolled out in Singapore in February of this year, and during the six months, it halted 900,000 high-risk installations. Google says its fraud prevention efforts have saved over $1.55 billion in financial scams in India since 2022. The firm has issued over 41 million fraud warnings on Google Pay alone.
However, despite all these, online fraud in India remains a significant menace as cybercrooks keep uncovering loopholes, to the dismay of unsuspecting users. Google can reduce this threat significantly by focusing on sideloading practices and targeting specific families of fraud malware.
In addition to Play Protect, Google intends to announce the opening of its Google Safety Engineering Center in India by 2025. The new facility will focus on innovation to combat fraud and enhance safety online nationwide.
Google's safety engineers will work closely with local and relevant experts, including government partners and academics, to address online safety problems unique to India.
