Google is preparing to strengthen Android security by expanding the safety measures deployed when a user installs a new application, regardless of the app's source.
The ability to install apps from multiple sources, even from outside of official stores, is one of Android's strengths. At the same time, it's one of the biggest security challenges the platform faces as criminals try to leverage this functionality in their interest.
Sideloading is the manual installation of an application, and it is one of the main avenues attackers use when trying to compromise Android devices. Of course, official stores are not completely safe either. Google, for example, routinely prunes its store when security researchers find dangerous apps that have fallen through the cracks and are available for anyone to download.
One of the ways to ensure that an Android device is not compromised after a user sideloads an app is to check what permissions the application requires. In most cases, attackers try to get access to a specific selection of permissions, including Accessibility, which give them a lot of power once the app is installed.
"This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps or file managers)," said Google.
"This enhancement will inspect the permissions the app declared in real-time and specifically look for four runtime permission requests: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility," Google added. "These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on screen content."
The company said that, after looking at some of the most prominent malware families, it found that 95 percent of installations came from sideloading.
For now, this new type of protection is available only to people in Singapore, as a pilot initiative. When any or all of these four permissions are declared by an application during installation, the system will block the installation completely.
This pilot initiative in Singapore is also a warning to developers who make legitimate apps that they must adhere to best practices and ensure that their apps don't ask for permissions they don't need.
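For developers who want to know whether their own app declares any of the four permissions Google names, the following added example (not Google's implementation and not part of the original article) audits a source AndroidManifest.xml. It assumes that "BIND_Notifications" and "Accessibility" correspond to the manifest constants BIND_NOTIFICATION_LISTENER_SERVICE and BIND_ACCESSIBILITY_SERVICE, which are declared on service elements rather than requested with uses-permission; the sample manifest and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Requested with <uses-permission> (or <uses-permission-sdk-23>).
REQUESTED = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Assumption: the article's "BIND_Notifications" and "Accessibility" map to
# these constants, which appear as android:permission on a <service>.
SERVICE_BOUND = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

# Constructed sample manifest (plain-text source form, not the binary XML in an APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <uses-permission-sdk-23 android:name="android.permission.RECEIVE_SMS" />
    <application>
        <service android:name=".Helper"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE" />
        <service android:name=".Sync" />
    </application>
</manifest>
"""

def flagged_permissions(manifest_xml):
    """Return a sorted list of (permission, where declared) for the four permissions."""
    root = ET.fromstring(manifest_xml.strip())
    hits = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name in REQUESTED:
                hits.add((name, tag))
    for svc in root.iter("service"):
        perm = svc.get(ANDROID_NS + "permission")
        if perm in SERVICE_BOUND:
            hits.add((perm, "service " + svc.get(ANDROID_NS + "name", "?")))
    return sorted(hits)

def would_be_flagged(manifest_xml):
    """True if any of the four permissions is declared, per the article's rule."""
    return bool(flagged_permissions(manifest_xml))

if __name__ == "__main__":
    for perm, where in flagged_permissions(SAMPLE_MANIFEST):
        print(f"{perm}  (declared via {where})")
```

Running the same check in a build pipeline gives a legitimate app an early signal that a declared permission it does not need would put it in the category the pilot blocks.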