Google Pilots Block Sideload of Apps in India

To combat online fraud in India, Google will block sideloading of certain apps from the internet as part of its “enhanced fraud protection” strategy announced at the Google for India event

Sideloading, which involves users circumventing the official Google Play app store to install applications on their Android phones, has been a contentious issue for Google in the country.

This action suggests that Google is gradually tightening its policies regarding the practice, not only in India but also in other regions.

Google also implemented a real-time scanning protection feature in India last October to reduce the practice of sideloading malicious applications.

However, when TechCrunch evaluated the feature with more than 30 malicious applications, we discovered that, although the majority of them were blocked, a few predatory loan applications were able to circumvent the protection.

In February, Google implemented improved fraud protection in Singapore. The company claimed that the action prevented 900,000 high-risk installations in Southeast Asia within six months.

To be precise, the pilot’s announcement during the India event today will not serve as the final blow for all sideloading in the nation. We understand that users will continue to be able to sideload offline applications and utilize third-party app stores.

Suppose the specific app install requests sensitive permissions, such as access to SMS, notifications, and accessibility features.

In that case, Google will analyze and automatically block sideloading through the phone’s web browser, any messaging app (Android or otherwise), and any file manager.

This is due to the fact that these permissions frequently enable fraudsters to acquire sensitive data, including financial credentials and one-time passwords.

In a blog post, Google stated that the improved protection will “inspect the permissions the app declared in real-time and specifically look for permission requests that are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on screen content (it is RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility).”

Google stated that Play Protect will automatically prevent such installations with an explanation once the pilot program commences.

Google stated that it is emphasizing these specific sideload scenarios due to the fact that, according to its examination of major fraud malware families that exploit sensitive permissions, these sources were responsible for more than 95% of suspicious installations.

Google did not immediately respond to inquiries regarding the feature’s publication date and location.

Since last year, Google has claimed that its fraud protection in India has prevented over $1.55 billion in financial schemes and has displayed 41 million warnings for fraudulent transactions on Google Pay to Indian users.

The company also stated that the Play Protect integration on Android devices assisted in the identification of 10 million malicious applications on a global scale.

Nevertheless, in the world’s most populous nation, fraudsters continue to devise methods to deceive the system and prey on the naive.

In India, Google has implemented a multifaceted strategy to address the issue of fraud through mobile applications.

In India, it introduced a program called DigiKavach last year, in which it collaborates with financial sector firms and industry organizations to mitigate financial frauds.

The company also collaborated with the Indian Cyber Crime Coordination Centre to enroll Google Pay onto the Indian government’s National Cyber Crime Reporting portal. This move was made to assist in the investigation of fraudulent financial activities and to obtain critical signals.

Nevertheless, the circumstances have been perilous. In 2022, TechCrunch published a report on the instances of suicides in India that were being caused by predatory loan applications.

In order to reduce the likelihood of individuals being targeted by these applications, the central bank and government agencies implemented various measures. Nevertheless, fraudsters continue to exploit the system’s vulnerabilities to prey on their victims.

Google announced on Thursday that it would establish a new Google Safety Engineering Center in India in 2025, in addition to the Play Protect update. The center is stated to be “dedicated to the development and advancement of security and online safety products and solutions.”

The center will have Google’s safety engineers collaborate with local policy experts, government partners, and academia to address the country’s “online safety challenges,” with a particular emphasis on safeguarding users from threats such as scams and fraud, enhancing enterprise and government security, and promoting cutting-edge research and development.

Google stated that it is emphasizing these specific sideload scenarios due to the fact that, according to its examination of major fraud malware families that exploit sensitive permissions, these sources were responsible for more than 95% of suspicious installations.

Google did not immediately respond to inquiries regarding the feature’s publication date and location.

Since last year, Google has claimed that its fraud protection in India has prevented over $1.55 billion in financial schemes and has displayed 41 million warnings for fraudulent transactions on Google Pay to Indian users.

The company also stated that the Play Protect integration on Android devices assisted in the identification of 10 million malicious applications on a global scale. Nevertheless, in the world’s most populous nation, fraudsters continue to devise methods to deceive the system and prey on the naive.

In India, Google has implemented a multifaceted strategy to address the issue of fraud through mobile applications.

In India, it introduced a program called DigiKavach last year, in which it collaborates with financial sector firms and industry organizations to mitigate financial frauds.

The company also collaborated with the Indian Cyber Crime Coordination Centre to enroll Google Pay onto the Indian government’s National Cyber Crime Reporting portal. This move was made to assist in the investigation of fraudulent financial activities and to obtain critical signals.

Nevertheless, the circumstances have been perilous. In 2022, TechCrunch published a report on the instances of suicides in India that were being caused by predatory loan applications.

In order to reduce the likelihood of individuals being targeted by these applications, the central bank and government agencies implemented various measures. Nevertheless, fraudsters continue to exploit the system’s vulnerabilities to prey on their victims.

Google announced on Thursday that it would establish a new Google Safety Engineering Center in India in 2025, in addition to the Play Protect update. The center is stated to be “dedicated to the development and advancement of security and online safety products and solutions.”

The center will have Google’s safety engineers collaborate with local policy experts, government partners, and academia to address the country’s “online safety challenges,” with a particular emphasis on safeguarding users from threats such as scams and fraud, enhancing enterprise and government security, and promoting cutting-edge research and development.