Android security: We stopped billions of harmful app downloads, says Google
Google says it blocked 1.2 million apps from being published to the Google Play store because the company detected policy violations in its app review processes, preventing “preventing billions of harmful installations” on Android devices.
Google’s Play Store reviews have often been seen as less strict than those in Apple’s App Store. However, Google is making bigger efforts to protect the privacy and security of people using the three billion active Android devices in use today and it has stopped 1.2 million policy violating apps from being distributed on the Play store through its app review process.
Google says it also banned 190,000 bad accounts in 2021 as part of its efforts to hinder malicious and spammer developers. It also closed 500,00 inactive or abandoned developer accounts.
“Last year we introduced multiple privacy focused features, enhanced our protections against bad apps and developers, and improved SDK data safety. In addition, Google Play Protect continues to scan billions of installed apps each day across billions of devices to keep people safe from malware and unwanted software,” Google’s Android and Privacy teams said in a blogpost.
SEE: Google: We’re spotting more zero-day bugs than ever. But hackers still have it too easy
Google’s initiatives in 2021 aimed to strike a balance between end-user safety and convenience for the developers whose work drives the Play Store, which had about 3.5 million apps available for download.
The volume of transactions on Apple’s and Google’s app stores is staggering. According to mobile ad analytics firm App Annie, consumers spent $170 billion on mobile apps in 2021, with roughly 65% share of revenues going to Apple’s App Store and 35% going to Google Play. Consumers downloaded 230 billion new apps in 2021, or about 435,000 apps per minute. But 98.3 billion of those downloads were by users in China where Google Play is not available, while US consumers accounted for 12 billion of the total.
In an effort to improve transparency for end users, Google introduced a data safety program last May that requires developers to give users details about the types of data collected by an app, the use of encryption, and how data is used. Google requires developers to fix any detected violations of policy. They risk further enforcement if they don’t comply with Google’s requested fixes. Developers have until July 20 to declare to Play store users information required in the data safety initiative.
Google also regularly removes malicious apps from the Play store after they’re discovered by third-party researchers, who still manage to find them on a reasonably regular basis.
To help developers manage rejections during the review process, Google has added a Policy and Programs section to the Google Play console for developers. It also has a page to appeal decisions and track the status of a submission.
The benefits of these initiatives are greater for those who’ve upgraded to the latest versions of Android.
“As a result of new platform protections and policies, developer collaboration and education, 98% of apps migrating to Android 11 or higher have reduced their access to sensitive APIs and user data,” Google claims.
“We’ve also significantly reduced the unnecessary, dangerous, or disallowed use of Accessibility APIs in apps migrating to Android 12, while preserving the functionality of legitimate use cases.”
SEE: The best Android phones: Better than the iPhone?
Google also noted that it disallowed the collection of Advertising ID (AAID) and other device identifiers from all users in apps solely targeting children. These included identifiers such as the SIM Serial number, MAC address, SSID, IMEI, and IMSI. It also gave all users the ability to delete their Advertising ID entirely, regardless of the app.
Google Pixel is a small share of the overall Android market, but these users gained a new Security hub, or a single page to manage all security settings.