Android smartphone users in Singapore could soon find themselves blocked from installing software that is perceived to be malicious and could steal information or money from them, in a first such trial that the government here is partnering with Google to roll out.
When a user tries to install a potentially risky app, say, one that is downloaded from a scammer over WhatsApp or from a website, the phone will automatically stop the process.
This is done when the app seeks sensitive permissions often used for financial fraud, for example, to view SMS messages that are used for one-time passwords to log in to bank accounts.
Another permission that is monitored is one that allows for viewing screen content, which hackers often use to capture passwords needed to log in to victims’ digital accounts.
If a user is sent an APK file to install by a scammer, say, from an online video sales, he would be blocked from setting it up on his phone. Similarly, if he unwittingly downloads a file from a friend over WhatsApp, the phone also prevents the malware from being installed.
The pilot trial, unveiled today, is expected to go live in the next few weeks. The enhanced protection will roll out to users in Singapore progressively.
The trial is part of a partnership between Google and Singapore’s Cyber Security Agency (CSA) that was announced in October 2023.
The Republic is the first country to begin this phased trial, after some pre-testing between the government agency and the Internet giant earlier.
The enhanced feature is expected to protect against a common problem that has led to millions of dollars being stolen in recent years – users unwittingly installing malware that opens up their phones to scammers and fraudsters to empty their bank accounts.
Already, Google’s Play Protect feature now offers real-time scanning of such threats on Android phones. Since its launch in October last year, more than 515,000 new potentially harmful apps have been identified and more than 3.1 million warnings or blocks of those apps have been issued, according to Google.
The new restrictions could anger users who are used to installing their own third-party software, though most users have been advised by security experts as well as law enforcement agencies in recent years to avoid downloading and installing apps not from the official Google app store, given the risks involved.
The hope for users in Singapore would be for Google to deliver fewer false positives, given its experience in monitoring malware.
In August last year, local bank OCBC incurred the wrath of users who said they were prevented from installing commonly used and legitimate apps such as Microsoft Authenticator if they wanted to use the banking app on their phones.
It also sparked questions of whether banks should be allowed to scan customers’ phones for potentially suspicious apps without seeking their permission.