Google partners with the Cyber Security Agency of Singapore to pilot a new enhanced security feature to better protect Android mobile users from scams

Singapore, 7 February 2024 – Today, Google Singapore announced that, in partnership with the Cyber Security Agency of Singapore (CSA), Google is launching a new enhanced protection feature within Google Play Protect to help further safeguard mobile users against malware-enabled scams, by blocking the installation of potentially-risky sideloaded apps.

Singapore will be the first country to begin a phased pilot of this feature on Android devices in the next few weeks. This feature has undergone pre-testing and was developed as part of the ongoing partnership between Google and CSA on cybersecurity and anti-scam efforts, which was announced in October 2023.

As mobile devices are increasingly used for digital and financial transactions, users around the world are experiencing more financial fraud. Cybercriminals often use social engineering tactics to deceive mobile users into disabling security safeguards and to ignore proactive warnings for potential malware, scams, and phishing under false pretences, like financial gain, savings or urgency to resolve an issue. This can result in users downloading malicious apps from online sources like web browsers, messaging apps or file managers – also known as Internet sideloading – and disclosing sensitive personal information or transferring funds unknowingly to a fraudster or scammer. According to a recent Google Singapore 2024 scams survey, despite Singaporeans expressing confidence in spotting scams and avoiding them, 1 in 2 online users in Singapore still fall victim to online scams1.

To keep users safe, Android has built in multiple layers of protections to protect users from fraud, scams, phishing, and other security threats on Android and Google Play, including Spam Protection in Messages, Safe Browsing on Chrome, and Google Play Protect. Recently, we announced Google Play Protect real-time scanning to help better protect users against new malicious, side-loaded apps that leverage various methods including AI, to infect devices with advanced forms of malware, which can change its identifiable features to avoid detection. Since the launch of this feature, real-time scanning has identified over 515,000 new potentially harmful apps and issued more than 3.1 million warnings or blocks of those apps.

How the new enhanced protection feature works on Android

Google’s latest enhanced fraud protection feature will provide Android users in Singapore with an additional layer of protection.

• With this enhancement, when a user attempts to install a potentially risky app - from an internet-sideloading source such as web browsers, messaging apps or file managers - that uses sensitive runtime permissions frequently abused for financial fraud, Google Play Protect will automatically block the installation with an explanation to the user.

• This enhancement will inspect the permissions of the app declared in real-time and specifically look for four runtime permissions. These include reading SMSes (READ_SMS), receiving SMSes (RECEIVE_SMS), accessibility service (Accessibility) and notification listening service (BIND_Notifications).

• Through Google’s detailed analysis of threat vectors, sensitive permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or from notifications, as well as spy on screen content. Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 percent of installations came from Internet-sideloading sources.

• The pilot will go live in the next few weeks and progressively roll out to users in Singapore.

Should a user attempt to Internet-sideload an app that has declared their intent to use sensitive permissions, the user would see a block prompt through Google Play Protect with a new text string explaining why this application was blocked.

Mr Chua Kuan Seah, Deputy Chief Executive of CSA, shared, “The fight against online scams is a dynamic one. As cybercriminals refine their methods, we must collaborate and innovate to stay ahead. Through such partnerships with technology players like Google, we are constantly improving our anti-scam defences to protect Singaporeans online and safeguard their digital assets.”

Eugene Liderman, Director of Android Security Strategy at Google said, “Ensuring a safe and trusted experience on Android is a top priority for Google. We appreciate our partnership with CSA and the Singapore government to develop a long-term strategy to protect users against financial fraud. This pilot in Singapore is just one of many new things to come to help keep our users safe. We will be closely monitoring the results of the pilot to assess its impact and make adjustments as needed. We will also continue to work with other ecosystem partners, as deep industry collaboration and joint user education are key to fighting this evolving threat.”

Android users in Singapore are encouraged to learn more about how this enhanced protection works. 

Expanding user education to fight bad actors proactively

In addition to the new enhanced feature, Google will also support CSA by continuing to assist with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.

Beyond product innovation, Google is actively collaborating with industry partners, businesses and government agencies to drive further user education and awareness.

Initiatives like YouTube’s Creators for Impact program, in partnership with the local government, empowers local content creators like The Smart Local and Sethisfy Personal Finance to create scam prevention content that raises awareness on digital safety topics. Google’s commitment to digital literacy also extends to empowering vulnerable groups, including actively collaborating with nonprofit RSVP Singapore The Organisation of Senior Volunteers and the Singapore Police Force (SPF) on Project PRAISE to equip 2,000 seniors with the knowledge to recognize and combat scams. Google also holds forums with financial services companies to share our efforts in combating scams and the tools we have in place that can help prevent malicious mobile security attacks.

These ongoing efforts reflect Google’s commitment to empower Singaporeans with the tools, knowledge and confidence to navigate the digital world safely and securely. By prioritising security by default, privacy by design, and user control, Google strives to create a thriving online ecosystem where innovation and safety go hand-in-hand.

¹ Google Scams Survey Report; Feb 2024

For further details about this enhanced feature, you can also read our global security blog. 

You can download more key visuals and video assets of the new enhanced feature here.

For media queries, please contact avril.chan@tateanzur.com or googleteam@tateanzur.com.

About Google
Google's mission is to organise the world's information and make it universally accessible and useful.Through products and platforms like Search, Maps, Gmail, Android, Google Play, Chrome, and YouTube,Google plays a meaningful role in the daily lives of billions of people and has become one of the most widely-known companies in the world. Google is a subsidiary of Alphabet Inc

About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cybersecurity awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg