Launching enhanced fraud protection pilot in India

Fraud and scams cost consumers more than $1 trillion in losses globally, and it’s one of the most common forms of cyber crime that India witnesses. According to the Indian Cyber Crime Coordination Centre (I4C), in the first four months of 2024 alone, Indians reportedly lost over ₹1,750 crore (over $212 million USD) to cyber-criminals.

Android already provides multiple layers of protections, powered by AI and backed by a dedicated security & privacy team, to help keep users safe from online threats. Google Play Protect, Android’s built-in app security system, already scans 200 billion apps on devices every day to help users stay safe from harmful apps.

Keeping up with the cyber threat landscape requires constant innovation. For example, to better protect users in India against novel malicious internet-sideloaded apps, last year, we launched Google Play Protect real-time scanning. This has already identified over net-new 10 million malicious apps globally.

A new pilot to combat financial fraud

We're expanding Google Play Protect’s security capabilities with enhanced fraud protection to help keep users safe when they install apps from Internet-sideloading sources, such as web browsers, messaging apps and file managers. With enhanced fraud protection pilots successfully launched in Singapore, Thailand and Brazil, we’re excited to bring this Google Play Protect pilot to India. This initiative has already shown promising results, blocking nearly 900,000 high-risk installations in Singapore alone.

This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive permissions frequently abused for financial fraud. It will inspect the permissions the app declared in real-time and specifically look for permission requests that are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on screen content (they are RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility).

Based on our analysis of major fraud malware families that exploit these sensitive permissions, we found that over 95 percent of installations came from Internet-sideloading sources.

After the pilot begins, when a user in India attempts to install an application from an Internet-sideloading source and any of these four permissions are declared, Play Protect will automatically block the installation with an explanation to the user.

How developers can prepare

For developers distributing apps that may be affected by this pilot, now is a good time to review the permissions your app is requesting and ensure you’re following developer best practices. You can also check out the latest resource to learn about how to safeguard user data. If you find that your app is affected by an enhanced fraud protection pilot, you can refer to our updated developer guidance for Play Protect warnings for tips on how to help fix potential issues with your app and instructions for filing an appeal if needed.

The pilot for enhanced financial fraud protection will start next month and will gradually roll out to all Android devices with Google Play services in India.

Collaborating to protect Android users

Building a truly secure mobile experience is a collaborative effort, and we’re committed to working with governments, industry partners and other stakeholders to help you to be safer.

Sugandh Saxena, CEO, Fintech Association for Consumer Empowerment: "Giving people safe platforms to access digital financial services rests on several pillars. Our work tells us that fraudsters are misusing open web links to distribute malicious apps to harm customers in various ways. Google's enhanced fraud protection pilot will be a vital toolkit to plug a critical gap in protecting customers from financial crimes. We believe this initiative will help combat such frauds and we look forward to contributing to the program."

Manish Agrawal, Senior Executive Vice President & Head - Credit Intelligence & Control, HDFC Bank Limited: "Rapid digitisation of financial transactions in India over the past few years has spelled convenience to millions of people. It also requires consumers to be vigilant against cyber fraudsters. HDFC Bank is committed to educating about safe digital banking practices with multiple initiatives through the year. Google's new pilot, Google Play Protect Enhanced Fraud Protection, is another step towards user security and app protection. The new feature proposes to protect the user against harmful apps and malware being downloaded onto their device. In the ongoing fight against digital frauds, concerted efforts by all stakeholders are the key to make a safe digital banking environment for all."