Google has disclosed that it prevented nearly 200,000 app submissions to its Play Store for Android due to issues related to access to sensitive data, such as location or SMS messages, in the past year. Additionally, the tech giant blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.
“In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play, thanks in part to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes,” said Google.
Google also collaborated with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting more than 790,000 apps.
By comparison, Google blocked 1.43 million bad apps from being published on the Play Store in 2022 and banned 173,000 bad accounts during the same period.
The company strengthened its developer onboarding and review processes, requiring developers to provide more identity information and complete a verification process when setting up their Play Console developer accounts. This helps Google better understand the developer community and identify bad actors attempting to propagate malicious apps.
Google’s efforts to secure the Android ecosystem include moving the App Defense Alliance (ADA), launched in November 2019, under the Linux Foundation umbrella, with Meta and Microsoft joining as founding steering members. It also rolled out real-time scanning at the code level to combat novel Android malware and introduced an “Independent security review” badge in the Play Store’s Data safety section for VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit.
On the user-facing side, Google has taken down approximately 1.5 million applications from the Play Store that do not target the most recent APIs.
Google’s ongoing fight against malicious actors on Android comes alongside a lawsuit the company filed in the U.S. against two China-based fraudsters alleged to have engaged in an international online consumer investment fraud scheme. They are accused of tricking users into downloading fake apps from the Play Store and other sources, ultimately stealing their funds.
To ensure the security of their Android devices, users should only download apps from the official Google Play Store and avoid third-party app stores. They should also review app permissions before installation and regularly update their apps and operating system to the latest versions. Installing reputable antivirus software can provide an additional layer of security against malicious apps.