Google Cracks Down on Sideloaded Apps with New AI-Powered Security

Google is ramping up its efforts to enhance the security of Android devices, addressing long-standing concerns around app permissions and sideloading risks. These measures are part of a broader initiative to close the security gap between Android and Apple’s iPhone.

With the introduction of new AI-powered live threat detection and stricter controls, Google aims to protect its billions of users from the increasing threat of malicious apps.

One of the key changes is a stronger focus on the dangers of sideloading apps—when users download apps from sources outside the official Google Play Store.

While this practice has long been popular among Android enthusiasts, new data reveals that over 95% of malware linked to financial fraud comes from sideloaded apps.

Risky permissions

These malicious apps often exploit sensitive permissions to intercept SMS messages, spy on screen content, or gain access to private notifications, enabling cybercriminals to steal banking information and other sensitive data.

The permissions that pose the highest risk include:

• RECEIVE_SMS
• READ_SMS
• BIND_Notifications
• Accessibility

These permissions are frequently abused by malicious apps that aim to steal one-time passwords sent via text messages, access notifications, or monitor user activity, including within financial apps.

Changes to Play Protect

In response, Google is rolling out Enhanced Fraud Protection through its Play Protect security system.

Play Protect already monitors apps downloaded from the Play Store for malware and other threats, but the new system goes further, automatically blocking potentially harmful apps that request these sensitive permissions if they are sideloaded from unverified sources.

When a user attempts to install such an app, Play Protect will block the installation and provide an explanation as to why it was stopped.

Fig 1. Play Protect blocks a malicious app installation. Source: Google

This enhanced protection is being deployed globally, starting with India. The rollout follows a successful pilot program in Singapore, where nearly 900,000 high-risk app installations were blocked.

Since its initial launch, Google Play Protect’s AI-powered threat detection system has identified over 10 million malicious apps worldwide, offering significant protection against cyberattacks.

In addition to detecting and blocking malware, the system provides real-time scanning, meaning it can flag new threats as soon as they appear on a user’s device.

This proactive approach aims to stop malware before it can cause harm, rather than relying solely on reports from users or after-the-fact analysis.

App developers

Google is also urging app developers to review the permissions their apps request. Developers are encouraged to follow best practices and minimize the use of sensitive permissions unless absolutely necessary.

The company has signaled that it will be taking a stricter stance on apps that overstep in terms of the permissions they ask for, particularly when it comes to financial information.

Wrapping Up

These new efforts are just one part of Google’s broader mission to create a more secure Android ecosystem.

The company is working closely with governments, industry partners, and other stakeholders to ensure a safer mobile experience for users everywhere.

As cyber threats continue to evolve, Google’s focus on permission abuse and sideloading risks reflects a proactive approach to tackling the most pressing security challenges facing Android users today.

The enhanced protections being tested in India will likely be expanded to other regions in the coming months, offering Android users worldwide better defense against sophisticated malware and cyberattacks.