Google tests blocking side-loaded Android apps with risky permissions

Trending 1 week ago

Google

Google has launched a caller aviator programme to conflict financial fraud by blocking nan sideloading of Android APK files that petition entree to risky permissions.

An APK (Android Package) is simply a record format utilized to administer Android apps for installation successful nan operating system. These files are commonly distributed done third-party sites, allowing you to instal apps extracurricular of Google Play.

However, arsenic these outer sites do not reappraisal nan apps for malicious behavior, they tin see malware, spyware, and different threats.

Due to nan complexity and trouble of uploading bad apps connected Google Play, threat actors revert to societal engineering, utilizing various lures to person targets to download malicious apps from external, unvetted sources.

These APKs tin instrumentality victims into disclosing delicate individual and financial information, allowing threat actors to behaviour financial fraud.

Google says that passim 2023, scams connected nan Android level costs users complete $1 trillion successful losses, pinch 78% of nan surveyed users reporting experiencing astatine slightest 1 scam attempt.

Blocking risky apps

In October 2023, Google Play Protect received a caller information characteristic that performs real-time scanning of APKs downloaded from third-party app stores and websites.

This characteristic has been rolled retired to ample markets, including India, Thailand, Brazil, and Singapore, and it is expected to scope much countries this year. 

Google says this characteristic has identified 515,000 unwanted apps and warned astir aliases blocked 3.1 cardinal installations.

To fortify protections against unwanted apps further, Google is now launching a aviator successful Singapore wherever it will consecutive retired artifact nan installation of APKs that petition entree to nan pursuing risky permissions:

  • RECEIVE_SMS – Attackers usage this to intercept one-time passwords (OTPs) aliases authentication codes sent via SMS, enabling unauthorized entree to victims' accounts.
  • READ_SMS – Abused by attackers to publication delicate information, specified arsenic OTPs, banking messages, aliases individual communications, without nan user's knowledge.
  • BIND_Notifications – Attackers utilization this to publication aliases disregard notifications from morganatic apps, including information alerts aliases OTP notifications, perchance without nan personification noticing.
  • Accessibility – This permission, meant to assistance users pinch disabilities, provides nan malicious APK app pinch wide entree to power nan instrumentality and its functions. Attackers maltreatment it to show nan user's actions, retrieve delicate data, input keystrokes, and execute commands remotely, often starring to complete instrumentality compromise.

"Based connected our study of awesome fraud malware families that utilization these delicate runtime permissions, we recovered that complete 95 percent of installations came from Internet-sideloading sources," reads Google's report.

"During nan upcoming pilot, erstwhile a personification successful Singapore attempts to instal an exertion from an Internet-sideloading root and immoderate of these 4 permissions are declared, Play Protect will automatically artifact nan installation pinch an mentation to nan user."

Google

BleepingComputer has asked Google astir its plans to rotation retired this caller protection characteristic to nan remainder of nan world, and we will update this station arsenic soon arsenic we cognize more.

Meanwhile, Android users are advised to debar APK downloads arsenic overmuch arsenic possible, scrutinize permissions requested during app installation, and tally Play Protect scans regularly.