Google has unveiled its Safety Charter in India, which will expand its AI-led developments for fraud detection and combating scams across the country, the company’s largest market outside the United States.
Digital fraud in India is rising. Fraud related to the Indian government’s instant payment system UPI grew 85% year-over-year to nearly 11 billion Indian rupees ($127 million) last year, per the government’s data. India also saw several instances of digital arrest scams, where fraudsters pose as officials to extort money via video calls and predatory loan apps.
With its Safety Charter, Google aims to address some of these areas. The company has also launched its security engineering center in India, its fourth center after Dublin, Munich, and Malaga.
Announced at the Google for India summit last year, the security engineering center (GSec) will allow Google to partner with the local community, including government, academia and students, and small and medium enterprises to create solutions to solve cybersecurity, privacy, safety, and AI problems, said Google VP of security engineering Heather Adkins in an interview with TechCrunch.
Google has partnered with the Ministry of Home Affairs’ Indian Cyber Crime Coordination Centre (I4C) to raise awareness of cybercrimes, the company said in a blog post. This builds upon the company’s existing work, including the launch of its online fraud identification program, DigiKavach, which debuted in 2023 to restrict the harmful effects of malicious financial apps and predatory loan apps.
With its GSec in India, Google will focus on three key areas, Adkins told TechCrunch: the phenomenon of online scams and fraud and how people are safe online; the cybersecurity of enterprises, government, and critical infrastructure; and building responsible AI.
“These three areas will become part of our safety charter for India, and over the coming years… we want to use the fact that we have engineering capability here to solve for what’s happening in India, close to where the users are,” said Adkins.
Globally, Google is utilizing AI to combat online scams and remove millions of ads and ad accounts. The company aims to deploy AI more extensively in India to combat digital fraud.
Google Messages, which comes preinstalled on many Android devices, uses AI-powered Scam Detection that has helped protect users from over 500 million suspicious messages a month. Similarly, Google piloted its Play Protect in India last year, which it claims has blocked nearly 60 million attempts to install high-risk apps, resulting in the stopping of more than 220,000 unique apps on over 13 million devices. Google Pay, which is one of the top UPI-based payment apps in the country, also displayed 41 million warnings against transactions suspected to be potential scams.
—
Adkins, a founding member of Google’s security team who has been part of the internet company for over 23 years, discussed several other topics during an interview with TechCrunch:
Adkins said one thing top of mind is the use and misuse of AI by malicious actors.
“We’re obviously tracking AI very closely, and up until now, we’ve mostly seen the large language models like Gemini used as productivity enhancements. For example, to make phishing scams a bit more effective — especially if the actor and the target have different languages — they can use the benefit of translation to make the scams more believable using deepfakes, images, video, etc.,” said Adkins.
Adkins said Google is conducting extensive testing of its AI models to ensure they understand what they should not do.
“This is important for generated content that might be harmful, but also actions that it might take,” said Akins.
Google is working on frameworks, including the Secure AI Framework, to restrict the abuse of its Gemini models. However, to protect generative AI from being misused and abused by hackers in the future, the company sees the need for a framework to build safety for how multiple agents communicate.
“The industry is moving very, very quickly [by] putting protocols out. It’s almost like the early days of the internet, where everybody’s releasing code in real time, and we’re thinking about safety after the fact,” said Adkins.
Google does not want to introduce merely its own frameworks to limit the scope of generative AI being abused by hackers. Instead, Adkins said the company is working with the research community and developers.
“One of the things you don’t want to do is constrain yourself too much in the early research days,” said Adkins.
On surveillance vendors
Alongside generative AI’s potential for abuse by hackers, Adkins sees commercial surveillance vendors as a significant threat. These can include spyware makers, including NSO Group, which is infamous for its Pegasus spyware, or other small enterprises selling surveillance tools.
“These are companies spun up all over the world, and they develop and make and sell a platform for hacking,” said Adkins. “You might pay $20, you might pay $200,000, just depending on the sophistication of the platform, and it allows you to scale attacking people without any expertise on your own.”
Some of these vendors also sell their tools to spy on people in markets, including India. However, apart from being targeted by surveillance tools, the country has its own unique challenges in part for its size. The country sees not only AI-led deepfakes and voice cloning frauds, but also instances of digital arrests, which Adkins underlines are just regular scams adapted for the digital world.
“You can see how quickly the threat actors themselves are advancing… I love studying cyber in this region because of that. It’s often a hint of what we’re going to see worldwide at some point,” said Adkins.
On multi-factor authentication
Google has long encouraged its users to use more secure authentication methods beyond passwords to protect their online presence. The company switched on multi-factor authentication (MFA) for all user accounts in the past, and also promotes hardware-based security keys, which Adkins mentioned by pointing to its employees actively using their laptops. Passwordless is also becoming a popular tech term, with various meanings.
Nonetheless, expecting people to abandon passwords in a market like India is hard due to its vast demographics and diverse economic landscape.
“We knew for a very long time that passwords were not secure. This concept of a multi-factor authentication was a step forward,” said Adkins, adding that Indians likely favor SMS-based authentication over other MFA options.
