The 2023 Google Bad Apps Report, which provides a yearly update on Google’s fight against malicious actors, developers, and their apps, was released last week and the findings held bad tidings for the Asia Pacific region.
The report revealed that scams and financial fraud in Asia Pacific had significantly increased in the past year and that scammers are adapting their methods to the region to cause more impact.
In a virtual media briefing discussing the report held on Wednesday, April 24, Google Play Asia Pacific head of trust and safety operations Aman Dayal noted that while scams had increased across the region as a whole, the top Asia Pacific nations which experienced an increase in financial fraud scams were India, Singapore, and Thailand.
Dayal additionally enumerated the traits make Asia Pacific a hotbed for scams. First, the region has one of the highest levels of smartphone penetration in the world, with over 90% of the population using a smartphone, and a massive youth population to boot.
These two demographic factors have helped smartphones become a part of daily life. They are utilized to transfer money to family and friends, shop for daily necessities, book rides and flights, and so much more.
Unfortunately, though, this ubiquitous use of smartphones has opened opportunities for bad actors to steal data or funds.
Secondly, many cultures in Asia Pacific deeply trust authority figures, such as their government and banks. Scammers exploit this trait with social engineering attacks, where they pretend to be government agents or representatives of a large bank to pressure their victims into surrendering sensitive information.
Lastly, Dayal pointed out that even though Internet use is booming in Asia Pacific, digital literacy has not kept pace in many parts of the region and specific groups lack the skills to navigate online threats.
Dayal identified the elderly as one segment that is particularly susceptible to deceptive messages and downloading risky apps, but he also cited a recent Google survey that showed users ages 25 to 34 are presently the most vulnerable to scams. This research indicates that bad actors are targeting a wider audience for their attacks.
While the number of scams and malicious apps grew in Asia Pacific, Google was quick to assure users that their defenses are being continuously strengthened to defend against the evolving methods of bad actors.
A critical part of their defense is the multi-layered security implemented in the Google Play Store and Android phones.
Google recorded in their Bad Apps Report that globally, they were able to prevent 2.28 million policy violating apps from being published on Google Play, banned 333,000 malicious developer accounts from the Google Play, and rejected or remediated an estimated 200,000 app submissions to ensure proper use of sensitive permissions.
Furthermore, the technology company has been extending its protections beyond the Play Store. Their first layer of defense focuses on incoming messages as they are a key touchpoint scammers use to reach victims.
For instance, the existing spam detection feature on Google Messages filters incoming messages once enabled.
In certain Asia Pacific nations experiencing a large volume of scams like India, Singapore, and Thailand, Google Messages was even recently enhanced to alert users when scammers are using screen sharing to intercept a one-time passcode or when users tap on a URL from an unknown contact.
Next, there is Google Play Protect, which Dayal describes as built-in malware defense tool on Android phones. This tool checks a users’ device for malware or any other apps exhibiting harmful behavior, including apps that are sideloaded or downloaded from outside the Play Store.
Last year, the tech company updated Google Play Protect to include real-time scanning, which is a feature that analyzes apps at the code-level to combat emerging threats.
Currently, they are piloting a new, added feature for this tool in Singapore and Thailand that aims to directly block the installation of potentially dangerous apps that attempt to access sensitive device provisions commonly used to commit fraud — especially from sideloading.
Dayal, however, stressed that users must also be on the lookout for scams in order to defend against them. Clinical psychologist, Annabelle Chow, was brought in during the briefing to explain how people can defend against scams.
“Understanding what our own vulnerabilities are and also just taking a moment to check before giving out your personal information or your money is quite an important first step,” Chow advised.
Chow further emphasized the need to slow down initial impulses. She said the modus operandi of scammers is to push their victims to commit a mistake by creating a sense of urgency.
For example, they can offer limited time deals that entice victims to quickly give up their credit card details or impersonate an official to intimidate the victim with tight deadlines.
When faced with such urgent situations, she urges people to hold back and think through them before making a decision.
She recommends one way to slow down is to pay attention to notifications sent by technology companies like Google rather than immediately dismissing them, since these alerts are designed to help users take a step back before placing themselves in a risky position.
“This year’s bad apps report is more than just numbers, it’s a timely reminder for all of us about the prevalence of scams and the call to action to actually step up our defenses against financial fraud and scams,” Dayal asserted.
“Let this year’s report be the catalyst that drives us and the ecosystem to take even stronger action against scammers and bad apps.”
