CSA works with Google to block sideloading of potentially risky Android apps

Yong Jun Yuan

Published Wed, Feb 7, 2024 · 10:53 AM

Google says it will continue to support CSA by assisting with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources. PHOTO: BT FILE

ANDROID users in Singapore will be blocked from sideloading apps with certain sensitive permissions, as a new feature is piloted and progressively rolled out over the next few weeks.

On Wednesday (Feb 7), Google said it worked with the Cyber Security Agency of Singapore (CSA) to create the feature to protect users when they attempt to install potentially risky apps.

Users have been targeted and lured into downloading such apps from Internet-sideloading sources such as web browsers, messaging apps and file managers. Sideloading refers to the act of downloading and installing apps outside of official app stores, such as the Google Play Store.

The new feature will block apps with four sensitive permissions that allow it to read SMSes, receive SMSes, use the accessibility service and listen to a user’s notifications. The accessibility service can give malicious apps the ability to simulate touching a phone’s screen, giving it access to the contents on the screen.

“Based on our analysis of major fraud malware families that exploit these sensitive runtime permissions, we found that over 95 per cent of installations came from Internet-sideloading sources,” Google said.

It added that it will continue to support CSA by assisting with malware detection and analysis, sharing malware insights and techniques, and creating user and developer education resources.

Banking against malware-related scams

MPs had suggestions ranging from greater government information-sharing with the tech and banking sectors, to a central agency to manage scam cases.

MCI outlines security standards for mobile apps, plans to combat deepfakes

Developers are encouraged to adopt the new standard, which was published on Wednesday, to protect their apps from common malware and phishing attacks.

Companies likely to incur significant costs to meet cyber agency’s safe app standard

Scammers typically use Internet calling services to spoof local numbers.

Telcos to enable overseas call blocking, says Josephine Teo

CSA deputy chief executive Chua Kuan Seah said the partnership with players such as Google is part of the regulator’s efforts to stay ahead of cybercriminals as they refine their methods.

Since August last year, banks also implemented anti-malware measures. These measures usually restrict customer access to mobile apps if screen-sharing or screen-mirroring is happening while the apps are accessed.

In its mid-year statistics for scam and cybercrime cases, the Singapore Police Force said there were at least 750 cases of Android users falling prey to malware scams in the first half of 2023. Of these, 11 had unauthorised withdrawals made from their Central Provident Fund savings.

Scams Cybersecurity Digital banking

Reuse this content Feedback