Google Play Protect was updated in late 2023 to keep Android devices safer from malicious apps in countries like Brazil. The tool protects Android devices by scanning for potentially harmful apps before downloading. But a future update will help the mechanism prevent financial fraud as well.

What is Google Play Protect?
Google Play Protect is a service that scans Android for potentially malicious apps before downloading. The tool can also remove harmful apps that have already been installed, as well as warn about software that violates the platform’s privacy policies or behaves suspiciously.

A recent update has made Google Play Protect able to identify malicious apps that use ingenious methods to evade detection, such as artificial intelligence engines.

This feature officially went live in India in October 2023 and has subsequently been rolled out in Thailand, Singapore, and Brazil. The results are already compelling: Google explains that the feature has made Play Protect identify more than 515,000 malicious apps and issue more than 3.1 million warnings or blocks related to them.

Protection against financial fraud
Google also wants to make Play Protect able to detect and prevent financial fraud involving rogue apps. To do this, the company will start a test with the tool that will have it analyze the installation of applications that use sensitive runtime permissions. If anything suspicious or malicious is found, the app will be automatically blocked.

Among these permissions are READ_SMS, which allows the app to read SMS messages sent to the cell phone, and BIND_Notifications, which gives access to the device’s notification history. It makes sense, after all, this information can be intercepted to collect passwords or verification codes, for example.

The real-time check of these permissions will be performed by Google Play Protect whenever the user tries to sideload an app, i.e. download the app from web pages or other sources other than the Google Play Store.

The reason for this is that in a survey, Google found that more than 95% of malware and fraudulent apps that exploit sensitive permissions come from sideloaded installations.

In the pilot phase, but with potential
Google Play Protect’s verification of sensitive permissions will begin in the coming days in Singapore, in a pilot phase. The initiative is the result of a partnership with the country’s cybersecurity agency.

Presumably, the pilot phase aims to assess whether the protection will not block legitimate apps or, worse, whether it will allow malicious apps to be installed on the user’s device.

It is to be expected that, after the tests advance, the protection against financial fraud will be expanded to other countries, including Brazil. There’s just no official deadline for that to happen.