Google recently announced a new feature of Google Play Protect, which will block the installation of sideloaded applications that request sensitive permissions on Android devices. Fraudsters frequently leverage these permissions to intercept passwords via SMS or notifications. The feature will specifically scan for four requests from apps in real-time: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility. If Play Protect detects an internet-sideloading source that requests any of these permissions, it will block the installation of the app and provide an explanation to the user. Google is piloting the program in Singapore in cooperation with the Cyber Security Agency of Singapore (CSA). Google will work with CSA to monitor the performance of the pilot on Android devices with Google Play Services and make adjustments before widening the program. Google advised developers to review the permissions their apps request to ensure they do not violate the Mobile Unwanted Software principles.
Read More:
https://www.securityweek.com/google-announces-enhanced-fraud-protection-for-android/