Google continues to explore ways to block sideloaded apps under the premise that this is something needed to combat fraud and scams. A sideloaded app is an app installed on a device through means other than the device’s official app store, allowing users to bypass Big Tech control.
A new testing ground is India, where the US tech juggernaut is launching a pilot – a part of the Google Play Protect, that it calls “enhanced fraud protection.”
Google said it was “excited” to include India in this experiment, after Singapore, Thailand, and Brazil.
Sideloaded apps are a major thorn in Google’s and Apple’s side since they provide users with a way to bypass official stores.
This is a threat not only to the giants’ exorbitant revenues collected from these stores, but also to their ability to control, and if need be, censor, i.e., remove apps.
Google is of course selling its desire to efficiently ax even the sideloaded ones as a positive development that is designed solely to protect users from fraud.
But the truth is that once Google introduces this type of blocking, it could decide to block any type of app. The criteria the pilot now uses are specific permissions (RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility), and Google’s interpretations thereof.
Google claims that “major fraud malware” exploiting the four permissions is almost exclusively (95 percent of cases) happening via sideloaded apps. It doesn’t, however, say that the presence of these permissions automatically means an app is malicious – because there is no way to prove that.
Nevertheless – “after the pilot begins, when a user in India attempts to install an application from an internet-sideloading source and any of these four permissions are declared, Play Protect will automatically block the installation with an explanation to the user,” the company said.
Knowing Google, the “explanation” will probably be along the lines of, “The app’s been blocked – good luck.”
No word on whether a user is able to “appeal” the decision in order to still go ahead and install their app of choice, and it doesn’t seem so – Google is talking about automatic blocking, not warnings.
Reports say that in Singapore, Google was able to use the pilot to block 900,000 installations. These were not actually proven to be fraudulent, but are treated as “high risk.”
If the pilot becomes a feature on Android, it will be up to Google to decide what is a “high-risk” app, and expand or reduce the list of permissions it chooses to classify as “frequently abused by fraudsters.”