As more people use their devices for mobile banking and money management, fraudsters and criminals are increasingly using malicious apps to steal money or account information.
Scammers often send phishing messages trying to get you to download a fraudulent app that’s designed to get your financial credentials, either through surveillance or by acting like a legitimate app. These phishing messages may appear to come from a well-known company, like a bank or a delivery service, and require urgent action to resolve an issue quickly. These types of scams affect people all over the world and have grown rapidly in recent years across all mobile operating systems.
Android’s built-in security protections
Android has always offered the ability to download apps from many different sources. And we’ve built in multiple layers of protections and warnings to help you stay safe and make informed choices when downloading apps outside of established app stores.
To celebrate International Fraud Awareness Week, here’s a look at our multi-layered app safety defenses and a reminder of how to use them in your daily life to stay protected.
- Phone by Google: Phone helps protect against voice phishing and scams with built-in caller ID, spam protection and Call Screen1. We will block dangerous calls or warn you about suspicious callers, who may be trying to trick you into downloading an app or sharing sensitive information. If you see a warning, think twice before answering. With Call Screen on Pixel phones, Google Assistant can even answer unknown numbers and find out who’s calling and why – so you can decide whether to pick up2.
- Messages by Google and Gmail: We use AI to spot suspicious messages by assessing the reputation of the sender, looking for known patterns and dangerous links. We will automatically block messages or flag them clearly with a warning. If you see a flagged message, proceed with caution especially before clicking on links and attachments.
- Google Safe Browsing: Safe Browsing provides more protection in cases where a link may have looked legitimate. We’ll warn you if it looks like the site is dangerous and is attempting to phish your credentials. Use the warning to click on the “Go back to safety” option to avoid a bad site.
Chrome browser sends warnings about downloading Android (APK) files that might be harmful
- Chrome download warnings: Chrome warns you when you’re about to download an Android (APK) file. You may not realize a link is about to trigger a download of an app. Take a moment to decide if you actually need to download this app and if it’s necessary, see if you can find it first from reputable app stores, which are more likely to enforce security reviews and app quality standards.
- Android unknown sources: Android, by default, also requires you to opt-into allowing installs from unknown sources, meaning any distribution mechanism that is outside of the Google Play Store and other pre-loaded app stores. This helps ensure you’re not accidentally downloading apps and instead making a very conscious decision to install an app from one of these sources. Some bad actors may try to trick you into allowing installs from sources like your web browser or messaging app in order to get you to install malware through them. So be aware when someone asks you to do that, and confirm that you absolutely trust the source. If you still need the app, try downloading it from an app store if you can.
Google Play Protect proactively scans for harmful apps
- Google Play Protect: Play Protect provides an additional layer of real-time protection for apps installed outside of Google Play. Google Play Protect runs a real-time check of any app you try to install and warns you if an app is known to be malicious from our app database or is suspicious based on other signals. Google Play Protect will recommend a real-time scan for apps that have not been previously scanned before so we can warn you if we find malicious code. If you see this option, use the opportunity to get even more reassurance about an app before you install it. The new real-time scanning for emerging threats began rolling out in India last month and is now expanding to Singapore, Brazil and Thailand. Since its launch, the real-time scanning feature has identified 11,000 new potentially harmful apps and blocked or warned users almost 300,000 times when attempting to install these apps.
Android restricts settings for apps that ask to change critical device settings
- Restricted settings: Android 13 provides even more protections against apps from unknown sources that ask to change critical device settings. For example, for apps that ask for accessibility access, which can be misused by bad actors to spy on you or manipulate your phone, we require you to explicitly enable restricted settings before you can grant accessibility access. We don’t recommend that, so again, confirm that you trust the developer.
Helping you stay safe on Android
We’re continuously improving and adding more proactive Android protections and warnings to help protect you from fraud and other mobile banking scams. With Android, you have the power to choose which apps you want to install and from what sources, but be sure to use our built-in safety protections that can help you make informed decisions and keep your data safe.