As India grapples with a surge in online fraud and scams, Google is taking decisive steps to combat this growing issue. During its annual Google for India event, the tech giant announced a significant policy shift aimed at enhancing user security: a pilot program that will block certain sideloaded apps — specifically those downloaded directly from the internet, bypassing the Google Play Store.
This move is part of Google’s broader initiative to bolster fraud protection measures through Google Play Protect, a security service that scans apps for potential risks. Sideloading, where users manually install apps outside of the Google Play Store ecosystem, has been a longstanding concern in India due to the ease with which malicious apps can exploit the practice. The pilot marks a key moment in Google’s evolving stance toward sideloading, not just in India, but likely other global markets as well.
The Battle Against Malicious Apps
In India, sideloading has presented unique challenges. Last year, Google introduced real-time scanning protection in the country to combat the rise of fraudulent apps. Although the feature blocked many harmful apps, some, like predatory loan apps, still slipped through. Now, Google is raising the stakes with its latest pilot by directly targeting sideloaded apps that pose the highest risk.
The new pilot will not eliminate sideloading altogether. Users will still have the freedom to sideload offline apps or use third-party app stores. Instead, Google’s focus is on blocking installations initiated through specific high-risk methods — namely web browsers, messaging apps, and file managers — if the app requests sensitive permissions. These permissions include access to SMS, notifications, and accessibility features, which are commonly exploited by fraudsters to intercept sensitive data such as one-time passwords and financial credentials.
Google outlined that Play Protect will automatically block these installations if it detects apps requesting the following risky permissions:
- RECEIVE_SMS: Intercepts SMS messages, often used to steal OTPs.
- READ_SMS: Reads text messages without user consent.
- BIND_NOTIFICATIONS: Hijacks notifications to spy on confidential information.
- Accessibility: Exploits accessibility settings to monitor user activities and screen content.
This enhanced protection analyzes permissions in real time, flagging and blocking any apps that could potentially be used for fraud.
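An added example, not Google's code or part of the original article: a Python triage check that approximates the two conditions described above (a high-risk install source plus a sensitive permission) against a decoded AndroidManifest.xml. The mapping of the article's four items to Android permission names, the install-source labels and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the article's four items to Android permission names.
SENSITIVE = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}
# Install-source categories the article names as high risk (labels are ours).
HIGH_RISK_SOURCES = {"browser", "messaging", "file_manager"}

def sensitive_permissions(manifest_xml):
    """Return the sensitive permissions declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    # SMS access is requested with <uses-permission>.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            found.add(el.get(ANDROID_NS + "name"))
    # Notification-listener and accessibility access is not requested that
    # way: the app declares a <service> guarded by the BIND_* permission.
    for svc in root.iter("service"):
        found.add(svc.get(ANDROID_NS + "permission"))
    return sorted(found & SENSITIVE)

def would_match_pilot(manifest_xml, install_source):
    """Both conditions must hold: high-risk source AND a sensitive permission."""
    hits = sensitive_permissions(manifest_xml)
    return install_source in HIGH_RISK_SOURCES and bool(hits), hits

# Constructed sample manifest, not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.loanapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Watcher"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for source in ("browser", "third_party_store"):
        print(source, would_match_pilot(SAMPLE, source))
```

A scanner that only reads `<uses-permission>` entries would miss the accessibility and notification-listener cases, which is why the check also inspects `<service>` declarations.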
Data-Driven Decisions and Global Expansion
Google’s decision to block specific sideloading methods stems from data showing that more than 95% of suspicious app installations came from sources like web browsers and file managers. By focusing on these high-risk entry points, the company aims to drastically reduce the number of malicious apps that make their way onto users’ devices.
Although the exact launch date of the pilot is unclear, Google’s aggressive push for stricter sideloading rules comes as part of its multi-pronged approach to tackling online fraud in India. Earlier this year, Google rolled out a similar enhanced fraud protection feature in Singapore, where it successfully prevented 900,000 high-risk app installations in just six months. The tech giant is clearly building momentum toward a global rollout of these security enhancements.
Impact in India: A Critical Measure Amid a Worsening Crisis
India has long been a hotspot for online fraud, and Google has made major strides in curbing financial scams through its fraud protection initiatives. The company reports that its existing measures in the country have saved more than $1.55 billion from fraudulent schemes over the past year, with 41 million warnings issued on fraudulent transactions through Google Pay.
Despite these successes, fraudsters are continuously adapting, finding new ways to exploit both technology and human vulnerability. In 2022, a wave of predatory loan apps in India resulted in tragic incidents, with some victims resorting to suicide under the crushing pressure of debt. While the Indian government and the Reserve Bank of India have taken steps to regulate these apps, fraudsters continue to exploit loopholes, targeting unsuspecting individuals.
Recognizing the severity of the situation, Google has ramped up its efforts to partner with local institutions to protect users. The company’s DigiKavach program, launched last year, collaborates with Indian financial firms and government bodies to combat scams, and Google Pay has been integrated with the National Cyber Crime Reporting Portal to facilitate the investigation of fraudulent activities.
What Lies Ahead: Building a Safer Digital Future
Google’s pilot to block high-risk sideloaded apps is just one component of its broader strategy to address India’s growing online safety concerns. As part of its commitment, the company also announced plans to establish a Google Safety Engineering Center in India by 2025. This center will focus on developing and advancing online safety products and solutions tailored to the needs of Indian users.
The engineering center will bring together Google’s security experts with local policymakers, government partners, and academic researchers. Their shared goal will be to tackle the unique safety challenges India faces, including scams and fraud, enterprise and government security, and cutting-edge security research and development.
While the pilot program won’t eliminate sideloading entirely, it is a powerful step toward creating a more secure mobile environment for Indian users. Google’s renewed focus on fraud prevention, bolstered by its data-driven approach and collaborative efforts, reflects the company’s growing understanding of the nuanced challenges facing the Indian digital landscape.
By blocking malicious apps at their source and investing in local security innovations, Google is setting the stage for a safer, fraud-free digital experience — not just for India, but potentially for users worldwide. As the company continues to tighten its security measures, users can expect a more robust defense against the persistent threat of online fraud.