Google Ramps Up Play Store Security: Blocks Over 500,000 Apps and Accounts
Recently, Google announced significant efforts to enhance the security of its Play Store for Android. Last year, the company rejected or demanded corrections for approximately 200,000 applications that attempted to access users’ sensitive data, such as location or SMS.
Additionally, around 333,000 accounts were blocked for attempting to distribute malware and for repeated violations of the rules. However, the most staggering record was set by the number of applications that were never published in Google’s proprietary store due to security policy violations.
“In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes,” said Google representatives.
To protect user privacy on a large scale, the company began collaborating with SDK providers to limit access to and sharing of sensitive data, enhancing protection for more than 31 SDKs affecting over 790,000 applications.
Compared to last year, when Google prevented the publication of 1.43 million malicious applications, the growth in these metrics this year has been evident and substantial.
Furthermore, the company strengthened the registration and verification process for developers, requiring them to provide more information about their identity and undergo a verification process when setting up developer accounts in the Play Console. These measures have allowed for a better understanding of the developer community and the identification of malicious actors attempting to use the system to distribute harmful applications.
As part of its efforts to protect the Android ecosystem, Google moved the App Defense Alliance under the umbrella of the Linux Foundation last November, with Meta and Microsoft joining as key members of the governing board.
During the same period, the company launched real-time code-level scanning to combat new types of Android malware and introduced an “Independent Security Review” badge in the Play Store for VPN applications that have passed the Mobile Application Security Audit (MASA).
On the user side, Google also removed about 1.5 million applications from the Play Store that did not comply with the latest APIs.
Notably, Google’s report came shortly after the company filed a lawsuit against two fraudsters from China, accused of international consumer deception and distributing counterfeit applications through the Play Store and other sources, leading to financial theft from users.
