AFAIK this only applies within Singapore (not sure if this applies to visiting devices) for apps requesting certain permissions (RECEIVE_SMS, READ_SMS, BIND_NOTIFICATIONS, and accessibility) downloaded outside of app stores (F-Droid is fine) and opened directly on the device (adb install is fine).
You can probably bypass the restriction by just disabling Play Protect if you don't want Google to tell you what you can and cannot install, but I'm not in Singapore so I can't confirm if that will work or not. That said, Google has made it impossible to disable Play Protect while on a call, that's probably a smart move.
Based on this article from the Singapore police, the approach doesn't seem to have helped much: https://www.police.gov.sg/media-room/news/20250417_police_ad...
> In some cases, before downloading the malicious APK file, victims would also be guided to disable Google Play Protect that helps to prevent harmful downloads. Once Google Play Protect is disabled, victims would not receive alerts that there is malware introduced into their mobile phones. Victims may also be asked to download Virtual Private Network (VPN) applications from Google Play Store which would facilitate scammers’ connection to their Android device. Scammers would then be able to bypass the banking anti-malware measures and remotely access the victims’ banking accounts with the phished ibanking login credentials.
> Pang is just one of tens of thousands of Singaporeans to fall foul of scams last year, who lost a total of S$1.1bn, according to police, a 70 per cent increase on the previous year. The true figure could be even higher, according to the Global Anti-Scam Alliance, which estimates that more than two-thirds of Singaporean victims did not report their experience.
> This is a small part of a global criminal enterprise worth an estimated $1tn, but Singaporeans, affluent, digitally advanced and compliant, are particularly vulnerable to these scams. As one person involved in the recovery of assets put it: “They are rich and naive”.
This is blaming the victim, and I'm not having it.
The problem has been that BankCorp are all forcing us into online pathways because it's cheaper for BankCorp. Of course, they don't put good security on the pathways because that would dramatically increase the customer support cost for BankCorp. Getting scammed is "just sucks to be you" because that costs LittlePlebian.
The "solution" is that liability for these kinds of scams need to be on BankCorp, period. LittlePlebian simply cannot be expected to protect themselves from every professional scammer in the universe beyond very basic measures. Bitcoin people regularly get scammed and they are supposedly more "sophisticated" than the average bear. Nobody less sophisticated stands a chance against the professionals.