Google rolls out enhanced Play Protect, blocks installs of risky sideloaded apps
Google has rolled out enhanced fraud protection features in Google Play Protect to Android users in Malaysia, aimed at stopping scam-related apps before they can be installed. This move is being supported by Malaysia’s National Cyber Security Agency and National Security Council, and was announced during the Google 2026 Online Safety Dialogue attended by Communications Minister Fahmi Fadzil.
The biggest change is how Play Protect handles sideloaded apps. You’ve probably heard how open Android can be, allowing you to install APK files outside the official Play Store, but this openness of the ecosystem is often abused in scam campaigns. With the enhanced protection, Play Protect will now analyse apps in real time before installation, especially those downloaded from browsers, messaging apps or file managers.
If the app requests permissions commonly abused by scammers, such as reading SMS messages or intercepting one-time passwords (OTPs), the installation will be automatically blocked. Users will also receive a warning explaining that the app may pose risks such as identity theft or financial fraud. This targets a common scam method where victims are tricked into installing malicious APK files that can steal banking credentials or OTP codes.
That’s not to say that all sideloaded are gone. There are some ways to still sideload your apps, it’s just that you’ll need to go through a lengthy process before you’re able to install random APK files. This gives power users the opportunity to still take advantage of Android’s ecosystem, while still protecting the general public from scams and fraudulent apps.
📣 Sideloading is here to stay.
— Android Developers (@AndroidDev) March 19, 2026
Users will be able to install apps from unverified developers via a new advanced flow, which includes safeguards that stop scammers and maintain choice.
Learn more about how Android developer verification is evolving → https://t.co/eQWedAMc4t pic.twitter.com/vfjxzQPihQ
Alongside Play Protect improvements, Google also announced stricter verification measures for developers and financial advertisers. Mandatory Android developer verification will be rolled out to prevent repeat offenders from publishing harmful apps. By 2027, all apps on certified Android devices in Malaysia must come from verified developers.
Google has also introduced financial services verification, which took effect on 14 April 2026. Advertisers promoting financial services must now be verified by regulators such as Bank Negara Malaysia and Securities Commission Malaysia before they can run ads on Google platforms.
“Strengthening online safety and platform accountability is a national priority. We are encouraged by Google’s proactive introduction of enhanced safeguards across its platforms, which serve as a critical defense against evolving cyber risks.
By combining technology with partnerships and local community outreach, the company’s initiatives support our national ‘Kempen Internet Selamat’ and ensure that every Malaysian is empowered with the knowledge and tools to stay safe and informed in this digital age,” – Datuk Fahmi Fadzil, Communications Minister
On top of that, the tech giant is also expanding its anti-scam awareness efforts with a new Bahasa Malaysia version of its “Be Scam Ready” interactive learning game, expected to launch in Q3 2026. The initiative is part of the wider Scam Ready ASEAN program led by the ASEAN Foundation and funded with a USD5 million grant from Google.
Read more of our articles below!
