Last year, Google announced that Play Protect would prompt you to scan unknown Android apps before sideloading. Google is now piloting enhanced financial fraud protection for Play Protect.
Play Protect will “analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps or file managers).”
This enhancement will inspect the permissions the app declared in real-time…
Google is specifically looking for financial fraud apps that request the RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility permissions. They can be used by fraudsters to intercept one-time SMS or notification-based passwords and spy on screen content.