Android to Tackle Data Harvesting Scam Apps
Submitted by John Lister on Wed, 09/11/2024 - 13:58
A key change to Android could reduce the risk of scammers stealing personal data or money. The update will mean sensitive apps won't open unless potentially risky apps are closed first.
The idea is to tackle rogue apps which are designed to either capture personal data from another app, or to take control of the phone unbeknownst to the owner.
Developer Choice
Google's new tactic aims to find a balance between restricting the activities of such rogue apps and keeping the freedom of users to choose what apps they install, including those from sources other than the official Play Store.
The change is to Play Integrity, a way legitimate app developers can take advantage of Android security measures. App developers will now be able to set their app to ask the Android operating system whether any potentially risky apps are running before launching. This could be because other apps may have the capability to record a screen or control the device, or because the app isn't known to Google's Play Protect security program.
An example might be a rogue app that has the capability to overlay a transparent background over a banking app, then collects login and password input from the user. Information collected would then be sent to a remote server operated by scammers.
Accessibility Exception
The legitimate app developer can also set their app to only open and run once the user has responded to an on-screen message asking them to close any suspicious apps. It's possible this experience could be frustrating for users, which is one of the reasons Google is leaving it up to app developers to decide whether to enable the feature. (Source: androidauthority.com)
There is one potential catch. Accessibility apps that have passed Google's security vetting will still be allowed to run, even if they include screen recording or similar functions. This is often necessary, for example with a text-to-speech app for visually impaired users. That will put extra pressure on Google to make sure it vets such apps correctly. (Source: gadgets360.com)
What's Your Opinion?
Is this a sensible move? If you use banking or similar apps, would you want the developer to enable this feature? Has Google found the right balance between security and the freedom of choice of developers and users?
Rate this article:
Category:
Need Help? Ask!
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.