DEV Community

Dmytro Klimenko

Google blocked 2M malicious apps from the Play Store in 2023

Google blocked 2.28 million policy-violating apps from being published on the Play Store in 2023, thanks to improved security measures and tighter developer vetting processes. The company rejected or had developers remediate almost 200,000 app submissions to prevent abuse of sensitive permissions like location tracking and SMS access.

The company says providing a safe and trusted Play Store experience is its top priority, underpinned by principles to “safeguard users”, “advocate for developer protection”, “foster responsible innovation”, and “evolve platform defences” against emerging threats.

In addition to blocking millions of policy violations, Google banned 333,000 bad actor accounts involved in confirmed malware distribution and other severe violations. New developer verification requirements like DUNS numbers for organisations aim to increase trust and transparency.

The company partnered with SDK providers to limit apps’ access to sensitive device data and expanded its SDK Index to cover almost 6 million apps—helping developers make better integration choices to boost quality and security.

Google joined forces with Microsoft and Meta in the restructured App Defense Alliance under the Linux Foundation to support adoption of app security best practices across the industry. It also launched Play Store labelling to highlight VPN apps verified through the Alliance’s independent security review.

To protect users installing apps outside the Play Store, Google Play Protect received stronger real-time scanning capabilities to detect malicious code. This identified over five million new malicious apps not distributed via the official store.

Policy updates covered generative AI apps, disruptive notifications, and expanded privacy protections. Apps enabling account creation must now provide in-app and web options to delete accounts and personal data on request.

Around 1.5 million apps not targeting recent Android APIs were made unavailable to new users updating to the latest OS version as an added safeguard.

Looking ahead to 2024, Google says it will remove Play Store apps not transparent about privacy practices. The company also filed a lawsuit against crypto scammers who defrauded users after misrepresenting their malicious apps during the upload process.

“Protecting users and developers on Google Play is paramount and ever-evolving,” explained Google. “We’re constantly working on new ways to protect your experience on Google Play and across the entire Android ecosystem.”