Keeping Google Play protected for customers and builders stays a high precedence for Google. Google Play Protect continues to scan billions of put in apps every day throughout billions of Android units to maintain customers protected from threats like malware and undesirable software program.
In 2022, we prevented 1.43 million policy-violating apps from being revealed on Google Play partially attributable to new and improved safety features and coverage enhancements — together with our steady investments in machine studying programs and app evaluation processes. We additionally continued to fight malicious builders and fraud rings, banning 173K unhealthy accounts, and preventing over $2 billion in fraudulent and abusive transactions. We’ve raised the bar for brand spanking new builders to be part of the Play ecosystem with telephone, electronic mail, and different id verification strategies, which contributed to a discount in accounts used to publish violative apps. We continued to companion with SDK suppliers to restrict delicate information entry and sharing, enhancing the privateness posture for over a million apps on Google Play.
With strengthened Android platform protections and insurance policies, and developer outreach and schooling, we prevented about 500K submitted apps from unnecessarily accessing delicate permissions over the previous 3 years.
Developer Support and Collaboration to Help Keep Apps Safe
As the Android ecosystem expands, it’s important for us to work intently with the developer neighborhood to make sure they’ve the instruments, data, and assist to construct safe and reliable apps that respect consumer information safety and privateness.
In 2022, the App Security Improvements program helped builders repair ~500K safety weaknesses affecting ~300K apps with a mixed set up base of roughly 250B installs. We additionally launched the Google Play SDK Index to assist builders consider an SDK’s reliability and security and make knowledgeable choices about whether or not an SDK is true for his or her enterprise and their customers. We will maintain working intently with SDK suppliers to enhance app and SDK security, restrict how consumer information is shared, and enhance traces of communication with app builders.
We additionally lately launched new options and sources to provide builders a greater coverage expertise. We’ve expanded our Helpline pilot to provide extra builders direct coverage telephone assist. And we piloted the Google Play Developer Community so extra builders can talk about coverage questions and trade greatest practices on the right way to construct protected apps.
More Stringent App Requirements and Guidelines
In addition to the Google Play options and insurance policies which are central to offering a protected expertise for customers, every Android OS replace brings privateness, safety, and consumer expertise enhancements. To guarantee customers notice the complete advantages of those advances — and to take care of the trusted expertise individuals anticipate on Google Play — we collaborate with builders to make sure their apps work seamlessly on newer Android variations. With the brand new Target API Level coverage, we’re strengthening consumer safety and privateness by defending customers from putting in apps that won’t have the complete set of privateness and safety features supplied by the most recent variations of Android.
This previous yr, we rolled out new license necessities for private mortgage apps in key geographies – Kenya, Nigeria, and Philippines – with extra stringent necessities for mortgage facilitator apps in India to fight fraud. We additionally clarified that our impersonation coverage prohibits the impersonation of an entity or group – serving to to provide customers extra peace of thoughts that they’re downloading the app they’re on the lookout for.
We are additionally working to assist struggle fraudulent and malicious advertisements on Google Play. With an up to date advertisements coverage for builders, we’re offering key tips that may enhance the in-app consumer expertise and prohibit surprising full display screen interstitial advertisements. This replace is impressed by the Mobile Apps Experiences – Better Ads Standards.
Improving Data Transparency, Security Controls and Tools
We launched the Data security part in Google Play final yr to provide customers extra readability on how their app information is being collected, shared, and guarded. We’re excited to work with builders on enhancing the Data security part to share their information assortment, sharing, and security practices with their customers.
In 2022, the Google Play Store was the primary industrial app retailer to acknowledge and show a badge for any app that has accomplished an impartial safety evaluation via App Defense Alliance’s Mobile App Security Assessment (MASA). The badge is displayed inside an app’s respective Data Safety part. MASA leverages OWASP’s Mobile Application Security Verification Standard, which is essentially the most broadly adopted set of safety necessities for cell purposes. We’re seeing sturdy developer curiosity in MASA with broadly used apps throughout main app classes, e.g., Roblox, Uber, PayPal, Threema, YouTube, and lots of extra.
This previous yr, we additionally expanded the App Defense Alliance, an alliance of companions with a mission to guard Android customers from unhealthy apps via shared intelligence and coordinated detection. McAfee and Trend Micro joined Google, ESET, Lookout, and Zimperium, to cut back the danger of app-based malware and higher defend Android customers.
We’ve additionally continued to boost protections for builders and their apps, reminiscent of hardening Play Integrity API with KeyMint and Remote Key Provisioning.
Bringing Continuous Security and Privacy Enhancements to Pixel Users
For Pixel customers, we added extra highly effective options to assist maintain our customers protected. The new safety and privateness settings have been launched to all Pixel units working Android 13, bettering the safety and privateness posture for hundreds of thousands of customers’ world wide each month. Private Compute Core additionally permits Pixel telephones to detect dangerous apps in a privateness preserving method.
Looking Ahead
We stay dedicated to retaining Google Play and our ecosystem of customers and builders protected, and we look ahead to many thrilling safety and security bulletins in 2023.