CSA works with Google to block sideloading of potentially risky Android apps
ANDROID users in Singapore will be blocked from sideloading apps with certain sensitive permissions, as a new feature is piloted and progressively rolled out over the next few weeks.
On Wednesday (Feb 7), Google said it worked with the Cyber Security Agency of Singapore (CSA) to create the feature to protect users when they attempt to install potentially risky apps.
Users have been targeted and lured into downloading such apps from Internet-sideloading sources such as web browsers, messaging apps and file managers. Sideloading refers to the act of downloading and installing apps outside of official app stores, such as the Google Play Store.
The new feature will block apps with four sensitive permissions that allow it to read SMSes, receive SMSes, use the accessibility service and listen to a user’s notifications. The accessibility service can give malicious apps the ability to simulate touching a phone’s screen, giving it access to the contents on the screen.
“Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 per cent of installations came from Internet-sideloading sources,” Google said.
It added that it will continue to support CSA by assisting with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.
GET BT IN YOUR INBOX DAILY
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
CSA deputy chief executive Chua Kuan Seah said the partnership with players such as Google is part of the regulator’s efforts to stay ahead of cybercriminals as they refine their methods.
Since August last year, banks also implemented anti-malware measures. These measures usually restrict customer access to mobile apps if screen-sharing or screen-mirroring is happening while the apps are accessed.
In its mid-year statistics for scam and cybercrime cases, the Singapore Police Force said there were at least 750 cases of Android users falling prey to malware scams in the first half of 2023. Of these, 11 had unauthorised withdrawals made from their Central Provident Fund savings.
KEYWORDS IN THIS ARTICLE
BT is now on Telegram!
For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes
Companies & Markets
TikTok tells advertisers: ‘We are not backing down’
EV automakers get reprieve in US tax credit rules
Nomura, Mizuho face losses on All Blue fund’s failed trades
Stablecoin Tether steps up monitoring in bid to combat illicit finance
HSBC asked by US$890 billion investor group to set energy goal
BHP’s biggest rivals sit on the sidelines of Anglo M&A drama