Google is on a mission to make Android safer and more secure—and that all starts with Play Store. With the threat from malware still much worse than on iPhones, Google is locking down its ecosystem more than ever before. While Samsung — Android’s leading OEM — is going further and faster to do the same.
But despite all these changes, which include culling low-quality, high-risk apps and bringing live threat detection to devices through an Android 15 upgrade, users remain at risk from ever more sophisticated malware attacks on an industrial scale.
So it is with the latest warning that users are losing thousands of dollars to a new attack that tricks them into pausing the security on the phone just losing enough for cyber criminals to download and install a malicious application.
This attack starts on WhatsApp or TikTok, with victims responding to fraudulent advertisements on Facebook or TikTok by leaving their contact details. The attackers then contact them via WhatsApp to request a small “membership fee” through a dressed-up phishing website. The credit card transaction would fail, at which point the attackers provide a link to an app to resolve the problem.
This is when Google’s defenses should kick in. But the attackers “would guide their victims to configure settings in their devices to disable Google Play Protect, which helps to prevent harmful downloads,” according to reports from Singapore where this new attack has been identified.
Google and Samsung are tightening their restrictions, and we’re heading towards a time when disabling Play Protect will be much more difficult than now. In the meantime, though, you must never do this — especially not when engaging with a third-party by email, message or call. In reality, you should never have cause to disable those defenses, unless there is a specialist app you can absolutely vouch for as regards it origins and functionality and which triggers a risk flag for some reason.
Put as simply as possible — stop using the setting to disable or pause Play Protect. Doing so is almost always dangerous and for almost all users is never needed. As live threat detection rolls out across devices, it will become ever better at flagging such risks and pushing users to disable or delete errant apps. Make sure you use those defenses, Google’s mission to shore up Android will fail if you don’t.
