In the new Android 14 QPR2 Beta 2 release, "scanning for deceptive apps" page is located at Settings → Security & privacy → More security & privacy. Once activated, this feature is expected to scrutinize "app activity for phishing or other deceptive behavior" by examining the app for signs of deceptive activities. Google assures that the scanning process occurs privately on the user's device. If phishing or deceptive behavior is detected, "some app info" is transmitted to Google Play Protect for threat confirmation and user warnings. Specifics on how Android will identify deceptive apps are unclear as Google has yet to officially announce or provide documentation for this feature. A preliminary examination of Android 14 QPR2's decompiled source code reveals a new system service named "ContentProtection," which appears designed to detect when an app attempts to display a password field. This involves checking for common password-related strings like "password," "pass word," and "code." The system also seems to scrutinize user requests for related terms such as "user," "mail," "phone," "number," "login," "log in," and "sign in." Android incorporates a blocklist to prevent the application of this mechanism to certain apps, and it checks whether an app is a system app or requests Internet permission.
Android's upcoming anti-phishing measure is a recent addition to the real-time security features implemented by Google Play Protect. Although malware is known to evolve rapidly to evade detection, the effectiveness of Android's built-in feature remains to be seen. Nevertheless, any feature contributing to enhanced security is a positive development, and it is hoped that this measure can prevent users from falling victim to malicious third-party entities seeking login credentials.
No comments:
Post a Comment