Why Singapore Mandated Apple and Google to Halt Digital Impersonation Scams on Messaging Apps
Key Points:
- Singapore has mandated Apple and Google to deploy anti-spoofing measures on iMessage and Google Messages to prevent the misuse of official government sender IDs
- The directive aims to close the specific gap where scammers spoof the government’s legitimate “gov.sg” SMS sender ID on these over-the-top (OTT) chat services
- Government impersonation scams are among the fastest-growing fraud categories in Singapore, with victims losing approximately S$126.5 million in the first half of 2025 alone
Singapore has issued a directive to global tech giants Apple and Google. The government has mandated that the companies implement new safeguards on their flagship messaging platforms, iMessage and Google Messages, specifically to stop government impersonation scams that have cost citizens millions. The regulatory action has been issued under the new Online Criminal Harms Act (OCHA).
The Regulatory Imperative: Why Apple and Google Must Act
The Singapore Police Force (SPF), under the Ministry of Home Affairs (MHA), issued implementation directives requiring both tech firms to comply by November 30, 2025. This move acknowledges that while the government has successfully cracked down on scam text messages via traditional SMS using the Singapore SMS Sender ID Registry (SSIR), scammers have pivoted to exploiting OTT messaging platforms.
A key loophole identified by the authorities is the impersonation of the unique “gov.sg” sender ID. Legitimate government agencies in Singapore use this specific ID for standard SMS communications, offering users an easy way to verify authenticity. However, this system does not apply to iMessage or Google Messages. Scammers have been leveraging this distinction, setting their profile names to mimic the official ID to create convincing and fraudulent messages. The MHA noted that the police have already seen scams involving the impersonation of other registered sender IDs, including over 120 cases linked to fake SingPost identities, reported by CNA.
The Ministry of Home Affairs stated that there is “therefore a need to put in place measures to deter the abuse of iMessage and Google Messages by scammers.”
The New Safeguards: How the Mandate Works
The directives issued to Apple and Google outline two primary measures designed to combat digital impersonation scams:
Sender ID Suppression and Filtering
The tech giants must prevent accounts and group chats on their platforms from displaying names that spoof the “gov.sg” sender ID or the names of other government agencies. This means unauthorized accounts using these official names must either be blocked or their messages filtered out completely.
Prioritizing Phone Numbers
For messages originating from unknown senders, the platforms must ensure that the profile names are either not displayed, or are shown significantly less prominently than the sender’s phone number. The MHA explained that this measure will help users “better identify and exercise caution with unknown senders.” This is a critical intervention. By mandating the prioritization of the phone number over an easily spoofed profile name, Singapore is shifting the burden of verification away from the user and onto the platform, creating a “security-by-design” approach to messaging.
The Rising Tide of Digital Impersonation Scams
The urgency of this mandate is underscored by the alarming rise in fraud. Police data revealed that government officials impersonation scams nearly tripled in the first half of 2025, surging by 199.2% to 1,762 cases compared to the previous year. These scams were the second-costliest type of fraud during that period, accounting for roughly 34% of total scam losses.
The scams often involve victims receiving unsolicited calls or messages, allegedly from agencies like the Singapore Police Force (SPF), claiming issues with bank accounts or requiring urgent verification. The victims are manipulated into providing banking credentials or One-Time Passwords (OTPs), only discovering the fraud later when unauthorized transactions are made, reported by ScamShield.
The city-state is not just tackling the volume of scams but the sophistication of digital impersonation scams. The new mandate is a powerful signal that platform operators, who provide the communication infrastructure, must be active partners in protecting their users from criminal abuse.
Apple and Google have both confirmed to the MHA that they will comply with the Implementation Directives.
