Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Google Says it Blocked 2.28 Million Apps from Google Play Store

In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.

Google on Monday said improved security processes helped to block 2.28 million privacy-violating applications from being published in its Google Play app store in 2023.

The company said investments in better security features, updated policies, advanced machine learning and application review processes, and strengthened developer onboarding helped in the battle against bad Android apps and actors trying to slip into the application storefront.

Enhanced safeguards allowed Google to identify bad actors and fraud rings more effectively, and to ban a total of 333,000 bad accounts from Google Play, for malware distribution and repeated severe policy violations.

Last year, Google rejected or requested remediation for close to 200,000 application submissions that used sensitive permissions, the internet giant says.

To improve user privacy, Google worked with SDK providers to reduce sensitive data access and sharing, with impact on more than 30 SDKs and over 790,000 applications.

The Google Play SDK Index, which provides information on the commercial software development kits on Google Play, has been expanded to cover toolkits used in almost 6 million Android applications.

The internet giant also said it is working with Microsoft and Meta, as part of the restructured App Defense Alliance (ADA) to foster the adoption of app security best practices and guidelines, as well as protections against emerging threats.

In line with Google’s push to improve user safety, VPN applications that complete a security review through ADA’s Mobile App Security Assessment (MASA) will be labeled accordingly in Google Play, to increase their visibility.

Advertisement. Scroll to continue reading.

This enhancement adds to the real-time code scanning capability announced for Google Play Protect in October 2023, which will trigger when installing applications never scanned before, to warn users of potentially malicious software and protect them from emerging threats.

Leveraging ML algorithms, the enhanced protection has already helped the internet giant identify more than 5 million malicious applications distributed outside of Google Play. Additionally, updated policies regarding developer account creation and tightened testing requirements should ensure that more high-quality content is published in Google Play, the company added.

To further improve user privacy and security, applications that allow account creation are now required to allow account and data deletion from the application and online, and roughly 1.5 million applications that do not target the most recent Android APIs are no longer available to new users who updated to the latest Android iteration.

Related: VPN Apps on Google Play Turn Android Devices Into Proxies

Related: Two Apps Hosted on Google Play Sent User Data to Chinese Servers

Related: Spyware Found in Google Play Apps With Over 420 Million Downloads

Related: Google Blocked 1.4 Million Bad Apps From Google Play in 2022

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.