The move comes as part of Google’s broader initiative to bolster the security of the Android ecosystem. In November, the company transferred the App Defence Alliance (ADA) under the Linux Foundation umbrella, with Meta and Microsoft joining as founding steering members
Google announced on Monday that it has taken significant measures to enhance security within its Play Store for Android, revealing that nearly 200,000 app submissions were either rejected or adjusted to address concerns related to sensitive data access, such as location or SMS messages, over the past year.
The tech giant disclosed that it thwarted 333,000 suspicious accounts from accessing the app marketplace in 2023, due to attempts to distribute malware or repeated policy breaches.
“In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play, thanks to our investment in enhanced security features, policy updates, and advanced machine learning and app review processes,” stated Google’s Steve Kafka, Khawaja Shams, and Mohet Saxena.
“To bolster user privacy on a large scale, we collaborated with SDK providers to restrict access to sensitive data and its sharing, thereby fortifying privacy measures for over 31 SDKs affecting 790K+ apps” they added
This marks a significant increase from the previous year, wherein Google blocked 1.43 million dubious apps from entering the Play Store in 2022 and banned 173,000 problematic accounts during the same period.
Additionally, Google highlighted its efforts to tighten developer onboarding and review procedures, mandating developers to provide more identity information and undergo a verification process when establishing their Play Console developer accounts. These measures aim to better understand the developer community and weed out malicious actors attempting to exploit the system to propagate harmful apps.
The move comes as part of Google’s broader initiative to bolster the security of the Android ecosystem. In November, the company transferred the App Defence Alliance (ADA) under the Linux Foundation umbrella, with Meta and Microsoft joining as founding steering members. Simultaneously, Google introduced real-time code-level scanning to combat emerging Android malware and introduced an “Independent security review” badge for VPN apps in the Play Store, signaling they’ve undergone a Mobile Application Security Assessment (MASA) audit.
On the user front, Google has removed approximately 1.5 million applications from the Play Store that don’t target the latest APIs, further tightening security measures.
Google’s ongoing efforts to combat malicious actors on Android coincide with a lawsuit filed against two China-based fraudsters in the U.S. The individuals are accused of orchestrating an international online consumer investment fraud scheme, tricking users into downloading fake apps from the Play Store and other sources, ultimately leading to financial losses for unsuspecting victims.
