Cyber Security News

Google Blocks 2.28 Million Malicious Apps from Play Store in Security Crackdown

In a continued commitment to enhancing user safety and trust, Google has outlined significant strides made in 2023 to mitigate malicious activities across the Android ecosystem.

Guided by the SAFE principles Safeguard Users, Advocate for Developer Protection, Foster Responsible Innovation, and Evolve Platform Defenses, the company has implemented new strategies, reinforced policies, and adopted advanced technologies to stay ahead of emerging security threats.

One of the most notable achievements was preventing the publication of 2.28 million policy-violating apps on Google Play, achieved through enhanced developer review processes and advanced machine learning-driven app evaluations.

Google also banned 333,000 malicious developer accounts, attributed to confirmed malware and serial policy violations.

Furthermore, nearly 200,000 app submissions were either rejected or modified to ensure stricter compliance with sensitive permission policies, such as background location access and SMS usage.

To fortify user privacy at scale, Google collaborated with Software Development Kit (SDK) providers, limiting sensitive data sharing for over 31 SDKs affecting more than 790,000 apps.

The Google Play SDK Index was also expanded to encompass nearly 6 million apps, enabling developers to make informed SDK choices and reduce integration risks.

Developer Accountability

Google took a significant step by restructuring the App Defense Alliance (ADA) in partnership with Microsoft and Meta under the Joint Development Foundation.

This initiative aims to drive industry-wide adherence to app security best practices.

Meanwhile, transparency efforts were bolstered with new Play Store labeling for VPN apps that undergo independent security reviews under the Mobile App Security Assessment (MASA) framework, helping users identify apps prioritizing privacy and security.

To counter threats beyond the Play Store, Google Play Protect further enhanced its real-time code-level scanning capabilities.

Powered by machine learning algorithms analyzing extensive behavioral signals, these measures identified over 5 million new malicious apps distributed outside the Play Store.

Google also introduced more stringent developer requirements to improve app quality and accountability.

New guidelines now mandate testing for new developers before apps are made publicly available.

Developers are also required to provide enhanced identity verification, such as D-U-N-S numbers for organizations, and detailed profiles in the “About the Developer” section.

Additionally, apps enabling account creation must now feature easy-to-access account and data deletion options within the app and online, ensuring users’ control over their personal information.

In 2024, Google plans to escalate efforts against non-compliance by removing apps that fail to disclose transparent privacy practices.

The company has also filed a federal lawsuit against individuals responsible for fraudulent crypto exchange apps on Play, signaling its intent to hold malicious actors accountable.

With a robust roadmap for improving Android security, privacy, and user control, Google remains steadfast in its mission to provide a safer, more reliable platform for developers and users worldwide.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Researchers Turn the Tables: Scamming the Scammers in Telegram’s PigButchering Scheme

Cybersecurity specialists have devised an innovative approach to combat an emerging cybercrime called "PigButchering" on…

1 hour ago

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco Talos,…

2 hours ago

New Attack Exploits X/Twitter Ad URL Feature to Deceive Users

Silent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability in…

2 hours ago

Guess Which Browser Tops the List for Data Collection!

Google Chrome has emerged as the undisputed champion of data collection among 10 popular web…

2 hours ago

DOGE Big Balls Ransomware Leverages Open-Source Tools and Custom Scripts for Multi-Stage Attacks

A recent discovery by Netskope Threat Labs has brought to light a highly complex ransomware…

2 hours ago

Ransomware-as-a-Service (RaaS) Emerges as a Leading Framework for Cyberattacks

Ransomware-as-a-Service (RaaS) has solidified its position as the dominant framework driving ransomware attacks in 2024,…

2 hours ago