Google blocked 2M malicious apps from the Play Store in 2023

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@[email protected])

Google blocked 2.28 million policy-violating apps from being published on the Play Store in 2023, thanks to improved security measures and tighter developer vetting processes. The company rejected or had developers remediate almost 200,000 app submissions to prevent abuse of sensitive permissions like location tracking and SMS access.

The company says providing a safe and trusted Play Store experience is its top priority, underpinned by principles to “safeguard users”, “advocate for developer protection”, “foster responsible innovation”, and “evolve platform defences” against emerging threats.

In addition to blocking millions of policy violations, Google banned 333,000 bad actor accounts involved in confirmed malware distribution and other severe violations. New developer verification requirements like DUNS numbers for organisations aim to increase trust and transparency.

The company partnered with SDK providers to limit apps’ access to sensitive device data and expanded its SDK Index to cover almost 6 million apps—helping developers make better integration choices to boost quality and security.

Google joined forces with Microsoft and Meta in the restructured App Defense Alliance under the Linux Foundation to support adoption of app security best practices across the industry. It also launched Play Store labelling to highlight VPN apps verified through the Alliance’s independent security review.

To protect users installing apps outside the Play Store, Google Play Protect received stronger real-time scanning capabilities to detect malicious code. This identified over five million new malicious apps not distributed via the official store.

Policy updates covered generative AI apps, disruptive notifications, and expanded privacy protections. Apps enabling account creation must now provide in-app and web options to delete accounts and personal data on request.

Around 1.5 million apps not targeting recent Android APIs were made unavailable to new users updating to the latest OS version as an added safeguard.

Looking ahead to 2024, Google says it will remove Play Store apps not transparent about privacy practices. The company also filed a lawsuit against crypto scammers who defrauded users after misrepresenting their malicious apps during the upload process.

“Protecting users and developers on Google Play is paramount and ever-evolving,” explained Google. “We’re constantly working on new ways to protect your experience on Google Play and across the entire Android ecosystem.”

(Photo by Nik Shuliahin)

See also: GitHub’s 2FA rollout boosts supply chain security

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including BlockX, Digital Transformation Week, IoT Tech Expo and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.