How we kept the Google Play & Android app ecosystems safe in 2024



Android and Google Play comprise a vibrant ecosystem with billions of users across the globe and hundreds of thousands of useful apps. Keeping this ecosystem safe for users and developers remains our top priority. However, like every flourishing ecosystem, it also attracts its share of bad actors. That’s why every year, we continue to invest in more ways to protect our community and fight bad actors, so users can trust the apps they download from Google Play and developers can build thriving businesses.

Last year, those investments included AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more. As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps.

But that was just the start. For more, take a look at our recent highlights from 2024:

Google’s advanced AI: helping make Google Play a safer place

To keep out bad actors, we’ve always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google’s advanced AI to improve our systems’ ability to proactively identify malware, enabling us to detect and block harmful apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play.

That’s enabled us to stop more harmful apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.

Working with developers to enhance security and privacy on Google Play

To protect user privacy, we’re working with developers to reduce unnecessary access to sensitive data. In 2024, we prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data. We also required apps to be more transparent about how they handle user information by launching new developer requirements and a new “Data deletion” option for apps that support user accounts and data collection. This helps users manage their app data and understand the app’s deletion practices, making it easier for Play users to delete data collected from third-party apps.

We also worked to ensure that apps use the strongest and most up-to-date privacy and security capabilities Android has to offer. Every new version of Android introduces new security and privacy features, and we encourage developers to embrace these advancements as soon as possible. As a result of partnering closely with developers, over 91% of app installs on the Google Play Store now use the latest protections of Android 13 or newer.

Safeguarding apps from scams and fraud is an ongoing battle for developers. The Play Integrity API allows developers to check if their apps have been tampered with or are running in potentially compromised environments, helping them to prevent abuse like fraud, bots, cheating, and data theft. Play Integrity API and Play’s automatic protection help developers ensure that users are using the official Play version of their app with the latest security updates. Apps using Play integrity features are seeing 80% lower usage from unverified and untrusted sources on average.

We’re also constantly working to improve the safety of apps on Play at scale, such as with the Google Play SDK Index. This tool offers insights and data to help developers make more informed decisions about the safety of an SDK. Last year, in addition to adding 80 SDKs to the index, we also worked closely with SDK and app developers to address potential SDK security and privacy issues, helping to build safer and more secure apps for Google Play.

Google Play’s multi-layered protections against harmful apps

To create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe. These protections start with the developers themselves, who play a crucial role in building secure apps. We provide developers with best-in-class tools, best practices, and on-demand training resources for building safe, high-quality apps. Every app undergoes rigorous review and testing, with only approved apps allowed to appear in the Play Store. Before downloading an app from Play, users can explore its user reviews, ratings, and Data safety section on Google Play to help them make an informed decision. And once installed, Google Play Protect, Android’s built-in security protection, helps to protect their Android device by continuously scanning for malicious app behavior.

Enhancing Google Play Protect to help keep users safe on Android

While the Play Store offers best-in-class security, we know it’s not the only place users download Android apps – so it’s important that we also defend Android users from more generalized mobile threats. To do this in an open ecosystem, we’ve invested in sophisticated, real-time defenses that protect against scams, malware, and abusive apps. These intelligent security measures help to keep users, user data, and devices safe, even if apps are installed from various sources with varying levels of security.


Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source. This built-in protection, enabled by default, provides crucial security against malware and unwanted software. Google Play Protect scans more than 200 billion apps daily and performs real-time scanning at the code level on novel apps to combat emerging and hidden threats, like polymorphic malware. In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play¹.

Google Play Protect is always evolving to combat new threats and protect users from harmful apps that can lead to scams and fraud. Here are some of the new improvements that are now available globally on Android devices with Google Play Services:

  • Reminder notifications in Chrome on Android to re-enable Google Play Protect: According to our research, more than 95 percent of app installations from major malware families that exploit sensitive permissions highly correlated to financial fraud came from Internet-sideloading sources like web browsers, messaging apps, or file managers. To help users stay protected when browsing the web, Chrome will now display a reminder notification to re-enable Google Play Protect if it has been turned off.
  • Additional protection against social engineering attacks: Scammers may manipulate users into disabling Play Protect during calls to download malicious Internet-sideloaded apps. To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls. This safeguard is enabled by default during traditional phone calls as well as during voice and video calls in popular third-party apps.
  • Automatically revoking app permissions for potentially dangerous apps: Since Android 11, we’ve taken a proactive approach to data privacy by automatically resetting permissions for apps that users haven’t used in a while. This ensures apps can only access the data they truly need, and users can always grant permissions back if necessary. To further enhance security, Play Protect now automatically revokes permissions for potentially harmful apps, limiting their access to sensitive data like storage, photos, and camera. Users can restore app permissions at any time, with a confirmation step for added security.

Google Play Protect’s enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers).

Building on the success of our initial pilot in partnership with the Cyber Security Agency of Singapore (CSA), additional enhanced fraud protection pilots are now active in 9 regions – Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Protect’s enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts, encompassing over 200,000 unique apps.

By piloting these new protections, we can proactively combat emerging threats and refine our solutions to thwart scammers and their increasingly sophisticated fraud attempts. We look forward to continuing to partner with governments, ecosystem partners, and other stakeholders to improve user protections.

App badging to help users find apps they can trust at a glance on Google Play

In 2024, we launched a new badge for government developers to help users around the world identify official government apps. Government apps are often targets of impersonation due to the highly sensitive nature of the data users provide, giving bad actors the ability to steal identities and commit financial fraud. Badging verified government apps is an important step in helping connect people with safe, high-quality, useful, and relevant experiences. We partner closely with global governments and are already exploring ways to build on this work.

We also recently launched a new badge to help Google Play users discover VPN apps that take extra steps to demonstrate their strong commitment to security. We allow developers who adhere to Play safety and security guidelines and have passed an additional independent Mobile Application Security Assessment (MASA) to display a dedicated badge in the Play Store to highlight their increased commitment to safety.

Collaborating to advance app security standards

In addition to our partnerships with governments, developers, and other stakeholders, we also worked with our industry peers to protect the entire app ecosystem for everyone. The App Defense Alliance, in partnership with fellow steering committee members Microsoft and Meta, recently launched the ADA Application Security Assessment (ASA) v1.0, a new standard to help developers build more secure mobile, web, and cloud applications. This standard provides clear guidance on protecting sensitive data, defending against cyberattacks, and ultimately, strengthening user trust. This marks a significant step forward in establishing industry-wide security best practices for application development.

All developers are encouraged to review and comply with the new mobile security standard. You’ll see this standard in action for all carrier apps pre-installed on future Pixel phone models.

Looking ahead


This year, we’ll continue to protect the Android and Google Play ecosystem, building on these tools and resources in response to user and developer feedback and the changing landscape. As always, we’ll keep empowering developers to build safer apps more easily, streamline their policy experience, and protect their businesses and users from bad actors.


1 Based on Google Play Protect 2024 internal data.
