Malware scam cases dip but Android users in S’pore still try to install high number of risky apps
Sign up now: Get ST's newsletters delivered to your inbox
Measures by tech players and the authorities contributed to the continual drop in malware scams to 35 cases in the second quarter of 2024.
PHOTO: LIANHE ZAOBAO
Follow topic:
SINGAPORE – Android users in Singapore continue to fall for malware scams and, since February, have made about 900,000 attempts to install high-risk mobile apps that could have left their devices vulnerable to being hacked, according to the latest figures released by Google on Aug 15.
Such attempts to install these apps on more than 200,000 Android devices here were blocked by Google’s enhanced fraud protection security measure, the company announced at its Safer With Google online safety conference.
Released exclusively here in February,
The high number of installation attempts comes even as reported malware scam attacks fell from 1,899 for the whole of 2023, to 95 cases in the first half of 2024 – a sign that security measures rolled out by platforms, banks and the authorities in the past year are taking effect. In 2023, victims lost more than $34 million.
Minister of State for Digital Development and Information Rahayu Mahzam announced these figures at the annual Safer With Google event at the firm’s office in Labrador Park and urged companies to collaborate with the authorities on tech solutions to combat scams.
Developed by Google and Singapore’s Cyber Security Agency, the enhanced feature for Google Play Protect was rolled out to all Android users here to block suspicious apps that require risky permissions or that have been downloaded from unofficial platforms.
Sideloading, which refers to the downloading of apps from third-party sources instead of official ones, is a core feature of Google’s Android platform.
The feature is often used by those dealing with overseas businesses that do not use the Google ecosystem, or for device customisation tools.
But Android users have also been tricked into installing apps that allow fraudsters to spy on their devices and enter their bank accounts.
Google’s enhanced anti-malware feature has also been rolled out in other countries after its exclusive launch in Singapore.
Measures by tech players and the authorities have also contributed to the continual drop in malware scams to 35 cases in the second quarter of 2024, from 60 cases in the first quarter of 2024, according to Ms Rahayu.
Minister of State for Digital Development and Information Rahayu Mahzam urged companies to collaborate with the authorities on tech solutions to combat scams.
ST PHOTO: JASON QUAH
Other organisations, including local banks, have joined the effort to crack down on malware since late September 2023. UOB, OCBC Bank and DBS Bank programmed their mobile apps to lock up if suspicious apps are detected on the same device that require risky permissions.
Samsung, too, has offered users the option of blocking the installation of all apps from unauthorised sources
Google’s vice-president of Android partnerships in the Asia-Pacific region Karen Teo said in a keynote speech at the conference that while sideloading has been a core feature of the Android platform, “it has unfortunately been exploited by malicious actors”.
Government app labels
To continue beefing up anti-scam measures, government apps like ScamShield will display a “Government” icon on the Google Play Store.
PHOTOS: GOOGLE PLAY STORE
As part of Google’s efforts to continue beefing up anti-scam measures, government apps such as Singpass, ScamShield and CPF Mobile will display a “Government” icon on the Google Play Store to prevent users from installing clone apps designed to steal their personal information.
Ms Teo said the labels aim to give users peace of mind when they install apps, amid concerns of fraudsters mimicking official apps to steal funds or sensitive information.
Google did not state how many government apps have the label displayed, but said it is working with more government agencies to place badges on more apps in the Play Store.
The tech giant also announced that it has partnered Singtel and the Infocomm Media Development Authority to make Rich Communications Services (RCS) business messaging available for all users whose devices support the messaging standard.
Most modern Android phones support RCS messages, which are encrypted and considered a more secure alternative to SMSes due to the latter’s vulnerability to being intercepted.
RCS business message recipients will see a “verified” mark guaranteeing the sender’s authenticity.
