Google Play Protect, since its inception, has been scanning installed applications for malware, yet concerns persist over the security of customers’ banking apps. The vulnerability lies in the potential exploitation of one-time passwords (OTP) received via SMS, enabling hackers to gain unauthorized access to victims’ bank accounts.
To address these security challenges, Play Protect will now scrutinize the permissions sought by apps, particularly those most frequently exploited by hackers: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. This new functionality, unveiled by Google for Play Protect, enables monitoring of incoming SMS messages and notifications, while also preventing unauthorized device usage via the accessibility permission.
Developed in collaboration with the Cyber Security Agency of Singapore, this feature is currently exclusive to users in Singapore, marking the initial rollout of Google’s fraud prevention tool. Through continuous monitoring of app permissions, Google aims to provide users with enhanced security, particularly when accessing banking applications.
According to Google, this proactive approach ensures safer usage of banking apps, especially when users install third-party applications, such as APK files sourced from the internet. In instances where an app requests all four specified permissions, users will receive a comprehensive report highlighting potential security risks.
The decision to prioritize the scrutiny of these four permissions—RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility—reflects a strategic move to mitigate the risk of unauthorized access to users’ bank accounts. By limiting the data accessible to apps and preventing the interception of SMS and notifications, Google aims to bolster overall user security and confidence in mobile banking applications.
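The four-permission check described above can be reproduced against a decoded `AndroidManifest.xml` as a triage step. The sketch below is an added example, not Google's or Play Protect's code. It assumes the manifest has already been decoded to text XML, and it assumes that the article's "BIND_Notifications" and "Accessibility" refer to the Android constants `BIND_NOTIFICATION_LISTENER_SERVICE` and `BIND_ACCESSIBILITY_SERVICE`. Both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute prefix for android:name / android:permission.
A = "{http://schemas.android.com/apk/res/android}"

# Article's short name -> Android constant (mapping of the last two is an assumption).
WATCHED = {
    "RECEIVE_SMS": "android.permission.RECEIVE_SMS",
    "READ_SMS": "android.permission.READ_SMS",
    "BIND_Notifications": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "Accessibility": "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

def declared_permissions(manifest_xml):
    """Collect permissions from <uses-permission> and from <service android:permission>."""
    root = ET.fromstring(manifest_xml)
    found = {el.get(A + "name") for el in root.iter("uses-permission")}
    # Notification-listener and accessibility services are bound through the
    # android:permission attribute on <service>, not through <uses-permission>.
    found |= {el.get(A + "permission") for el in root.iter("service")}
    found.discard(None)
    return found

def triage(manifest_xml):
    """Report which watched permissions are declared and whether all four are."""
    declared = declared_permissions(manifest_xml)
    hits = sorted(short for short, full in WATCHED.items() if full in declared)
    return {"hits": hits, "all_four": len(hits) == len(WATCHED)}

# Constructed sample: declares all four watched permissions.
SAMPLE_ALL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".Notif" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <service android:name=".Acc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: declares only READ_SMS.
SAMPLE_PARTIAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.partial">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("all", SAMPLE_ALL), ("partial", SAMPLE_PARTIAL)):
        print(label, triage(xml))
```

A scan that reads only `<uses-permission>` entries would miss the two service-bound permissions, which is why the `<service>` elements are inspected as well.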