Apple and Google ordered to block spoofing of Singapore government on messaging apps

The Singapore Police Force (SPF) has directed Apple and Google to implement measures to stop government spoofing scams on their messaging platforms, iMessage and Google Messages.

According to a Ministry of Home Affairs (MHA) press release on 25 November 2025, these measures are intended to counter scams that misuse the “gov.sg” SMS sender ID and government agency names to deceive the public.

Under the new directives, Apple and Google must prevent accounts and group chats from using names that mimic “gov.sg” or other government entities. Messages from such impersonating sources must be filtered or restricted.

Additionally, the companies are required to modify their apps to either hide or downplay the profile names of unknown senders, giving users more clarity and warning when receiving suspicious messages.

The directives were issued by the police under the Online Criminal Harms Act. The companies are required to comply by Sunday.

MHA stated that both Apple and Google have indicated their intention to comply with the instructions.

“We urge the public to regularly update the iMessage and Google Messages apps on their mobile devices, to ensure that the latest anti-spoofing safeguards are in place,” MHA said in its statement.

Rise in impersonation scams prompts action

The directives follow a sharp increase in scams involving the impersonation of government officials.

According to police data, such scams surged by 199.2 per cent in the first half of 2025, rising to 1,762 cases from 589 during the same period in 2024.

These cases caused losses of approximately S$126.5 million, making them the second-highest scam type by financial loss.

Impersonation scams represented around 28 per cent of all scam cases and accounted for 34 per cent of total scam-related losses in the first half of 2025.

Government agencies currently use the “gov.sg” sender ID to send SMSes so that the public can identify official messages. However, these safeguards do not extend to iMessage and Google Messages.

“While we have imposed this and other safeguards like the SMS Sender ID Registry (SSIR) on SMSes, they currently do not apply to messages sent via iMessage and Google Messages,” MHA noted.

Scams using official sender names on messaging apps

Although “gov.sg” is not used for iMessage or Google Messages, the messages on these apps often appear alongside SMSes and may seem equally credible to recipients.

MHA revealed that there have already been scams involving other SSIR-registered sender names being spoofed on iMessage and Google Messages.

These included more than 120 reported cases involving impersonations of SingPost.

“There is therefore a need to put in place measures to deter the abuse of iMessage and Google Messages by scammers,” the ministry stated.

Legal backing under Online Criminal Harms Act

The police’s authority to issue such directives comes from the Online Criminal Harms Act, passed in July 2023.

The Act allows authorities to require online service providers to implement systems, processes, or other measures to prevent or respond to offences committed online.

Failure to comply with an implementation directive without a reasonable excuse may result in fines of up to S$1 million (approximately US$770,000).

If the violation continues, an additional fine of up to S$100,000 may be levied for each day of non-compliance after conviction.

First directive under OCHA issued to Meta in September

The latest directives to Apple and Google follow a similar move in September 2025, when the Competent Authority under the Online Criminal Harms Act—located within SPF—issued its first Implementation Directive to Meta.

That directive, issued on 24 September, required Meta to take stronger steps to curb impersonation scams on Facebook, including those involving fake advertisements, accounts, and pages using images or identities of key Government Office Holders.

MHA and SPF observed a rising number of such scams between June 2024 and June 2025, with Facebook identified as the most exploited platform for these impersonations.

Although Meta had already introduced anti-impersonation tools globally, the Singapore authorities remained concerned about the high local incidence.

As a result, Meta was directed to deploy enhanced facial recognition tools in Singapore and to prioritise the review of end-user reports from Singapore.