Google’s Ongoing Battle Against Bad Apps and Bad Actors in 2022

• Google Play Protect scans billions of installed apps daily across billions of Android devices, preventing the publication of 1.43 million policy-violating apps in 2022 and protecting users from threats like malware and unwanted software​.
• Google collaborates closely with the developer community to ensure the development of secure and trustworthy apps, providing tools, knowledge, and support through programs like App Security Improvements and the Google Play SDK Index.

Google Play Protect, Google’s comprehensive security solution, continues to safeguard billions of Android devices and users by scanning billions of installed apps daily, protecting against threats like malware and unwanted software. In 2022, Google made significant strides in maintaining the safety of Google Play, preventing the publication of 1.43 million policy-violating apps, combating malicious developers and fraud rings, and banning 173,000 bad accounts. These efforts contributed to preventing over $2 billion in fraudulent and abusive transactions​.

To ensure the integrity of the Play ecosystem, Google raised the bar for new developers to join, implementing phone, email, and other identity verification methods. This measure significantly reduced the number of accounts used to publish violative apps. Collaborating with software development kit (SDK) providers, Google also limited sensitive data access and sharing, enhancing privacy for over one million apps on Google Play​.

Google recognizes the importance of working closely with the developer community to build secure and trustworthy apps that prioritize user data security and privacy. In 2022, the App Security Improvements program helped developers address approximately 500,000 security weaknesses in around 300,000 apps with a combined install base of 250 billion. The introduction of the Google Play SDK Index empowered developers to evaluate the reliability and safety of SDKs, making informed decisions for their businesses and users. Google continues to collaborate with SDK providers to enhance app and SDK safety, limit data sharing, and improve communication with developers. The expansion of the Helpline pilot and the Google Play Developer Community further supports developers in navigating policies and sharing best practices for building safe apps​.

Google’s commitment to user safety is reflected in each Android operating system (OS) update, which brings privacy, security, and user experience enhancements. By collaborating with developers, Google ensures that apps seamlessly integrate with newer Android versions. The Target API Level policy strengthens user security and privacy by preventing the installation of apps that lack the full set of privacy and security features offered by the latest Android versions​.

In addressing specific areas of concern, Google introduced new license requirements for personal loan apps in key geographies such as Kenya, Nigeria, Philippines, and India, imposing stricter regulations to combat fraud. Google’s impersonation policy was clarified to prohibit the impersonation of entities or organizations, assuring users that they are downloading the intended apps. Additionally, an updated ads policy for developers aimed to improve the in-app user experience and eliminate unexpected full-screen interstitial ads, drawing inspiration from the Mobile Apps Experiences – Better Ads Standards​.

To enhance data transparency and user awareness, Google launched the Data safety section on Google Play, providing users with clear insights into how their app data is collected, shared, and protected. Google is actively working with developers to further enhance this section, encouraging them to share their data collection, sharing, and safety practices with their users. In a significant milestone, the Google Play Store became the first commercial app store to display a badge within an app’s respective Data Safety section for completing an independent security review through App Defense Alliance’s Mobile App Security Assessment (MASA). MASA leverages the widely adopted OWASP’s Mobile Application Security Verification Standard, showcasing strong developer interest across major app categories​​.

Collaboration and alliances play a crucial role in ensuring app security. Google expanded the App Defense Alliance, an alliance of partners committed to protecting Android users from malicious apps through shared intelligence and coordinated detection. With the addition of McAfee and Trend Micro to the existing partners (Google, ESET, Lookout, and Zimperium), the App Defense Alliance has strengthened efforts to reduce the risk of app-based malware and better protect Android users​.

Pixel users, in particular, have benefited from Google’s focus on enhancing security and privacy. New security and privacy settings were launched for all Pixel devices running Android 13, improving the security posture for millions of users worldwide. The introduction of Private Compute Core allows Pixel phones to detect harmful apps while preserving user privacy.

Google’s commitment to keeping Google Play safe for users and developers remains steadfast. By leveraging new security features, policy enhancements, machine learning systems, and app review processes, Google Play Protect continues to provide a safe experience for users. In addition to preventing policy-violating apps from being published on Google Play, Google actively combats malicious developers, bans bad accounts, and prevents fraudulent and abusive transactions. These efforts uphold the trusted experience that users expect on Google Play​.

As the Android ecosystem continues to expand, Google recognizes the importance of working closely with the developer community. By providing tools, knowledge, and support, Google empowers developers to build secure and trustworthy apps that prioritize user data security and privacy. This collaboration extends to improving app compatibility with newer Android versions and implementing measures that strengthen user security and privacy.