Since its launch, Google Play Protect has been scanning installed apps for malware, however this still does not guarantee that customers’ banking apps are 100% safe. Hackers merely need to gain access to the one-time password (OTP) that users received through SMS, enter the right verification code, and they can easily access the victim’s bank account.
Fraud protection on Google Play Protect
Play Protect will now check on the permissions an app requires, the ones that hackers most frequently abuse: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accesibility. This is a brand-new functionality that Google revealed for the Play Protect. Hackers can view incoming SMS messages and notifications with these permissions, and they can even use the device without the user’s awareness with accesibility permission.
Fraud protection on Play Protect
Since this functionality was developed in collaboration with Cyber Security of Singapore, Google only makes it available in Singapore for now. Users in Singapore will be the first to receive this fraud prevention tool from Google. This is a new feature from Google that always keeps an eye on what apps are doing in the background regarding permissions.
Google states that this allows users to use banking apps safely. Play Protect fraud protection kicks in when users install a third-party application, such as an APK file downloaded from the internet. If the app requests all 4 permissions, a report will be provided to the user.
It’s a really smart move to check these four permissions: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accesibility. This stops hackers from spying on SMS and notifications coming into the user’s phone, thereby limiting users’ data given to the app so hackers can’t access the user’s bank account.