
Bob Sullivan
Google has added a novel scam-fighting technique to the beta version of its newest Android operating system, and the company deserves kudos for that. Essentially, a software tweak will prevent users from installing (“sideloading”) rogue apps during a phone call — adding friction to a tactic criminals often try. It’s unclear how effective this small change might be, but it’s great Google engineers are thinking this way.
Android Authority has all the details.
As many of you know, one of my jobs is to host The Perfect Scam podcast for AARP. Every week I interview the victim of a horrible crime and tell their entire story from soup to nuts. I’ve done more than 100 of these episodes now, and I’m incredibly proud of the work we’ve done, and very grateful to AARP for its ongoing investment to help protect people from fraud. These podcasts also create a valuable library of criminal tactics and techniques, along with a realistic view of victims’ plight.
Many emotional, societal, and financial factors contribute to making people vulnerable to romance scams, crypto scams, impersonation scams, etc. It’s easy to imagine you and your loved ones would never be the victim of such a crime, but you’d be dangerously wrong. Any of us can be victimized under the right circumstances. A massive, global, and very profitable industry that’s fueled by human trafficking is now devoted to creating those “right circumstances,” and soon, artificial intelligence will be a large part of its playbook.
I often point out that every one of my stories involves touchpoints with multiple technology companies which enable these crimes. The victim is first contacted on Facebook Messenger via an affiliate group; the conversation escalates on WhatsApp; the fake customer service number ranks high on Google; the money is sent through cryptocurrency. You get the idea. Tech companies can and must do more to uncover criminal tactics and at least not make things so easy for the bad guys. Some firms don’t have a great track record of this. Meta is very, very slow to take down impersonation accounts that are used for ongoing crimes, for example.
So I’m glad to throw some flowers at Google today. One technique a criminal can use is to call a victim, engage them in conversation (“We’re from your Internet provider and your modem has been hacked!”) and then walk them through sideloading a malicious app on their phone. Google’s Android smartphone software (which I prefer) has always been more dangerous than Apple’s software because Android is a more open system. So disabling the sideloading of apps during a phone call is a good step; it’s hard to imagine a need for that capability. Naturally, a criminal could tell a victim to hang up, install the software, and then call back. But as Android Central put it, adding this speed bump will certainly help a little, and it might help a lot. AARP research has shown that any conversation with a third party can stop a scam in its tracks, so the hang-up-and-call-back friction might create a moment for such conversations. It won’t hurt, anyway.
I’d love to see more engineers step up and add speed bumps that are designed to frustrate criminals. If you have any ideas, I’m all ears. And I’ve got more flowers to throw!