Google is conducting pilot tests to block some sideloaded apps in India

As online scams and scams continue to rise across India, Google has announced plans for a major change in the country to mitigate the problem: it plans to block certain apps from sideloading, particularly those that users try to download directly from the internet to download. The pilot, announced at the annual Google for India event on Thursday, is part of what it calls “expanded fraud protection” within Google Play Protect.

Sideloading, where users load apps onto their Android phones bypassing the official Google Play app store, has been a sensitive issue for Google in the country, and this move signals that Google is slowly tightening its policies regarding the practice , not only in India but also in other regions.

Last October, Google also launched a real-time scanning protection feature in India to curb the sideloading of malicious apps. But when TechCrunch tested the feature with over 30 malicious apps, we found that while most of them were blocked, some predatory lending apps bypassed protection.

Meanwhile, Google released enhanced fraud protection in Singapore in February. The company said the move helped prevent 900,000 high-risk installations in the Southeast Asian country within six months.

To be clear, the pilot announced today during the India event will not be the death knell all Sideload in the country. As far as we know, users can still download offline apps and use third-party app stores.

What Google will The job is to analyze and automatically block sideloading across the phone's web browser, any messaging app (Android or otherwise), and any file manager if the particular app installation requires sensitive permissions such as access to SMS, notifications, and accessibility features . This is because these permissions often allow fraudsters to steal one-time passwords, financial information, and other sensitive data.

The enhanced protection “checks the permissions declared by the app in real time and specifically looks for permission requests, which are often abused by fraudsters to intercept one-time passwords via SMS or notifications and spy on screen content (these are RECEIVE_SMS, READ_SMS, BIND_Notifications and Accessibility),” said Google in a blog post.

After the pilot began, Google said Play Protect would automatically block such installations with an explanation.

Google said it is focusing on these specific sideload scenarios because – based on its analysis of the top scam malware families that exploit sensitive permissions – over 95 percent of suspicious installs came from these sources.

Google did not immediately respond to inquiries about when and where the feature will go live.

Google claimed that its existing fraud protection in India has saved more than $1.55 billion from financial fraud since last year and has shown Indian users 41 million alerts about fraudulent transactions on Google Pay. The Play Protect integration on Android devices has also helped identify 10 million malicious apps worldwide, the company added. Yet fraudsters still find ways to cheat the system and target gullible people in the world's most populous country.

Google is tackling the problem of mobile app fraud in India on multiple levels.

Last year, the company announced a program in India called DigiKavach, where it works with companies and industry organizations in the financial sector to curb financial fraud. The company has also partnered with the Indian Cyber ​​Crime Coordination Center and integrated Google Pay with the Government of India's National Cyber ​​Crime Reporting portal to obtain critical signals and help investigate fraudulent financial activities.

However, the situation was dire. In 2022, TechCrunch reported on how predatory lending apps in India caused people to commit suicide. The central bank and government authorities have taken various measures to reduce the risk of people being attacked by these apps. However, fraudsters still find loopholes in the system to attack their prey.

In parallel with the Play Protect update, Google announced on Thursday that it would open a new Google Safety Engineering Center in India in 2025, which the company said would aim to “develop and advance security and online safety products and solutions.” .

At the center, Google security engineers will work with local policy experts, government partners and academia to address the country's “online security challenges,” with a focus on protecting users from threats such as scams and scams, strengthening the Corporate and government security and promoting cutting-edge research and development.”