Android lets users filter overseas SMSes to spam folder, block sideloading while on call

SINGAPORE - Android users in Singapore can opt to filter all unknown overseas text messages to a spam folder in a new security measure that will be launched here by the end of 2024.

Once the filter is active, any number from abroad that has not been saved as a contact will be filtered to a spam folder.

The feature will be available in the Protection and Safety settings within the messages app, Google said in a statement on Oct 16. It is an effort by Google, the Singapore Police Force and the Infocomm Media Development Authority to curb SMS scams.

In a separate feature, Android users will, by default, be blocked from disabling Google Play Protect while they are on a phone call. This is to counter a tactic used in recent months where fraudsters guide victims to install malware over the phone.

The security measure adds to the enhanced fraud-protection features of Android’s built-in Google Play Protect, which was launched

exclusively in Singapore in February

as it grappled with a surge in malware scams. More than $34 million was lost to malware scams in 2023.

Play Protect is Google’s in-built security feature that scans for potentially risky apps.

In Singapore, Play Protect blocks all sideloaded applications that require suspicious permissions, such as access to read SMS messages – an indicator of potentially malicious apps. Sideloaded apps are apps not from the official Google Play Store, a selling point of the Android ecosystem as it allows users to install apps from other sources.

Users of Apple’s iOS devices, in contrast, are largely restricted to the official App Store.

The upcoming measures for consumer devices were announced by director of Android security strategy Eugene Liderman during a panel on mobile security and scams at the Singapore International Cyber Week being held from Oct 14 to 17 at the Sands Expo and Convention Centre.

The new Android features aim to restrict common channels exploited by scammers to target victims.

Text message is among the most common methods scammers use to contact victims – more than 700 SMS scam cases were reported in the first half of 2024, according to the police.

Despite a plunge in malware scam cases in 2024 so far, malicious apps remain an effective tool for fraudsters as the software grants hackers full control over victims’ devices, allowing them to empty victims’ bank accounts. Reported malware scam attacks fell from 1,899 for the whole of 2023, to 95 cases in the first half of 2024, according to the police.

In September, the police reported that at least nine people were targeted in a malware scam, where fraudsters instructed them to share their device screen and then disable the Google Play Protect security feature, allowing malware to be installed.

The victims later discovered unauthorised transactions in their bank accounts, with losses totalling at least $223,000.

Singapore Android users continue to fall for scams even as the number of successful cases dip. Since the roll-out of its enhanced security features, at least 900,000 attempts to install high-risk mobile apps like fake gaming, e-commerce and messaging apps have been blocked across more than 300,000 devices, according to the company’s latest update on Oct 16.