Android security: We’ve stopped billions of harmful app downloads, says Google
Google says it blocked 1.2 million apps from being published on the Google Play Store because the company detected policy violations in its app review processes, preventing ‘billions of harmful installs’ on Android devices.
Google’s Play Store reviews have often been considered less stringent than Apple’s App Store reviews. However, Google is making greater efforts to protect the privacy and security of people using the three billion active Android devices in use today, and it has prevented the distribution of 1.2 million policy-violating apps on the Play Store through its app review process.
Google says it also banned 190,000 malicious accounts in 2021 as part of its efforts to hamper malicious developers and spammers. It also closed 500,000 inactive or abandoned developer accounts.
“Last year, we introduced several privacy-focused features, strengthened our protections against bad apps and developers, and improved SDK data security. In addition, Google Play Protect continues to scan billions of apps installed on billions of devices to protect users from malware and unwanted software,” Google’s Android and Privacy teams said in a blog post.
Google’s initiatives in 2021 aimed to strike a balance between end-user security and convenience for developers whose work powers the Play Store, which had around 3.5 million apps available for download.
The volume of transactions on Apple’s and Google’s app stores is staggering. According to mobile ad analytics firm App Annie, consumers spent $170 billion on mobile apps in 2021, with around 65% of revenue going to Apple’s App Store and 35% to Google Play. Consumers downloaded 230 billion new apps in 2021, or about 435,000 apps per minute. But 98.3 billion of those downloads were made by users in China where Google Play is not available, while US consumers accounted for 12 billion of the total.
To improve transparency for end users, Google launched a data security program last May that requires developers to give users details about the types of data collected by an app, the use of encryption, and how the data is used. Google requires developers to correct any detected violations of the policy. Developers who do not make the fixes Google requests risk further enforcement action. Developers have until July 20 to declare to Play Store users the information required under the data security initiative.
Google also regularly removes malicious apps from the Play Store after they are discovered by third-party researchers, who still manage to find them on a reasonably regular basis.
To help developers manage rejections during the review process, Google has added a Policy and Programs section to the Google Play Developer Console. It also has a page to appeal decisions and track the status of a submission.
The benefits of these initiatives are greater for those who have upgraded to the latest versions of Android.
“Thanks to new platform protections and policies, developer collaboration and education, 98% of apps migrating to Android 11 or later reduced their access to sensitive APIs and user data,” Google claims.
“We’ve also significantly reduced unnecessary, unsafe, or prohibited use of accessibility APIs in apps migrating to Android 12, while preserving functionality for legitimate use cases.”
Google also noted that it prohibits the collection of advertising identifiers (AAID) and other device identifiers of all users in apps targeted only at children. These included identifiers such as SIM serial number, MAC address, SSID, IMEI and IMSI. It also gave all users the option to remove their advertising ID entirely, regardless of app.
Google Pixel phones account for a small share of the overall Android market, but their users got a new security hub, a single page for managing all security settings.