Google insists it’s doing what it can to purge the Play Store of malicious apps

Google still faces accusations of being lax with security in its quest to keeping malicious apps off its Play Store, but in the last few years it’s been making increasing efforts to improve the safety of its digital distribution outlet.

In a post on the Android Developers Blog this week, Google Play product manager Andrew Ahn said that in 2018 the company worked on enhancing its abuse detection technologies and machine learning systems, while at the same time expanding its team of product managers, engineers, policy experts, and operations leaders to tackle nefarious app developers.

Ahn said the extra effort resulted in rejected app submissions increasing by 55 percent compared to 2017, while those that did get through were spotted and removed more quickly than ever before — often before anyone even had a chance to install them.

“These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes,” the product manager wrote in the post.

Google declined to reveal how many dodgy apps it turfed out of the Play Store last year, though we do know that in 2017 the figure reached 700,000, with a sizable 100,000 developers banned from submitting any future apps.

Fifty billion apps scanned every day

Ahn said that besides his team’s work to prevent malicious apps from reaching the Play Store, its Google Play Protect system is also scanning a whopping 50 billion apps on users’ devices each and every day to confirm the safety of the installed software.

“With such protection, apps from Google Play are eight times less likely to harm a user’s device than Android apps from other sources,” Ahn wrote, reminding Android users that downloading apps from third-party stores carries extra risks.

Repeat offenders

The company says it’s continuing to tighten up app rules regarding users’ data and privacy, revealing that in 2018 it removed “tens of thousands” of apps that failed to comply with Play’s policies.

Interestingly, Ahn revealed that more than 80 percent of severe policy violations are made by “repeat offenders and abusive developer networks,” adding that when they’re banned, many simply create new accounts or buy developer accounts on the black market before submitting more apps. However, Google’s improving technology is making it harder for them to operate in this way.

Despite Google’s undoubted efforts, there will always be some malicious apps that are hard to detect. For example, it was cybersecurity firm Trend Micro — not Google — that recently discovered 29 apps in the Play Store that shouldn’t have been there. Some of them sent users to phishing sites or stole users’ photos, and had reportedly been downloaded millions of times before they were thrown out of the store.

Indeed, Ahn admitted the challenge was ongoing: “Despite our enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors,” he wrote, adding that his team will continue to do all it can “to provide our users with a secure and safe app store.”

Editors’ Recommendations

  • Tumblr bans nudity to create ‘a safe place for creative expression’
  • Here’s how the Google Play Store detects fake ratings and reviews
  • The internet’s free-wheeling spirit is dying, and we have malware to thank
  • Google Play Store junks malicious beauty camera Android apps that stole pictures
  • Four fake cryptocurrency apps were listed on the Google Play Store