The permissions targeted by Google are linked to the automatic filling of the password or unique code sent via SMS by an online service within the scope of double authentication. Malicious application developers can use these APIs (or development interfaces) to access this sensitive information and then users’ banking or financial applications. Notifications and accessibility settings can also be used to retrieve sensitive information. Google further indicates that, according to its findings, 95% of applications that abused its permissions are sideloaded software.
With its new program, Google can now detect the abusive use of these programming interfaces, and remotely block the installation of applications downloaded outside the Play Store. A pop-up will appear on the screen explaining the reasons for the block. No control will allow the blocking to be overridden in order to protect the user.
Google finally explains that it intends to implement this new user protection system on a global scale, while remembering that installing applications outside the Play Store is not without risks to the confidentiality and security of personal data. So stay tuned if you happen to want to bring back a web app in the coming months.