Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy), and Ron Aquino (Play Trust and Safety).
Android and Google Play make up billions of users around the world and a lively ecosystem with millions of useful apps. Keeping this ecosystem safely for users and developers is still a top priority. But, like a prosperous ecosystem, it also attracts a bad actor share. That’s why we protect the community every year and continue to invest in more ways to fight bad actors, so users trust the apps to be downloaded from Google Play, and developers have built a prosperous business. can.
Last year, these investments include detection of threats equipped with AI, more powerful privacy policy, supercharge developer tools, and new industry allies. As a result, an application that uses 2.36 million policies has been prevented from being released on Google Play, banning more than 158,000 bad developers who have tried to publish harmful apps.
But that was just the beginning. For more information, see the recent highlights in 2024.
Google’s advanced AI: Help to make Google a safer place
In order to close bad actors, we have always used a combination of human security experts and the latest threat detection technology. In 2024, we used Google’s Advanced AI to improve the system’s ability to actively identify malware so that bad apps could be more effective and blocked. It also helps rationalize the review process of developers who have a track record of policy composition. Today, more than 92 % of the human reviews of harmful apps are AI -assisted, so you can take more quick and accurate actions to prevent Google Play from becoming available.
This stopped reaching users via the play store more than ever before, protecting users from harmful or malicious apps before causing damage.
In cooperation with developers, strengthen Google Play security and privacy
In order to protect user privacy, we are working with developers to reduce unnecessary access to confidential data. In 2024, 1.3 million apps prevented excessive or unnecessary access to highly confidential user data. Also, by launching the requirements of new developers, the application is more transparent about how to handle user information on the new “data deletion” option of the application that supports user information, user account and data collection. I needed to do it. This makes it easier for users to manage app data, understand the deletion of apps, and delete the data collected from the third -party app.
The app has also worked on using the strongest privacy and security features provided by Android. All new versions of Android introduce new security and privacy features, encouraging developers to accept these progress as soon as possible. As a result of closely affiliated with developers, more than 91 % of the apps installed on the Google Play Store use the latest protection after Android 13.
Protecting fraud and fraud apps is a continuous battle for developers. With the Play Integrity API, the developer confirms whether the app has been tampered with or executed in an environment where the app is infringed, and abuse fraud, bots, injustice, and theft of data. It helps to prevent it. The automatic protection of the Play Integrity API and Play helps to confirm that developers use the latest security updates to use the official play version of the app. Apps that use the Play Integrity function are 80 % lower on uneven verification or unreliable sources on average.
We are always working to improve the safety of apps on large -scale Play, such as the Google Play SDK index. This tool provides insights and data that developers can make more information on SDK’s safety. Last year, in addition to adding 80 SDKs to the index, in closely linked with SDK and App developers to deal with SDK security and privacy issues, and a safer and safer app for Google Play. It was useful for construction.
Multi -layer protection for Google Play’s bad app
In order to create a reliable experience for everyone in Google Play, we use a safe principle as a guide and incorporate multilayer protection that is constantly evolving to keep Google Play safer. These protection begins with developers who play an important role in building a safe app. We provide developers with the best tools, best practices, and on -demand training resources for building safe and high -quality apps. All apps receive strict reviews and tests that are allowed to be displayed in the Play Store only. Before the user downloads the app from the playback, the user can check the user’s review, evaluation, and data safety sections on Google Play and make a decision based on information. Once installed, Google Play Protect, a built -in security protection of Android, will help you continue to scan the actions of malicious apps and protect your Android devices.
It helps to enhance Google Play Protect and keep users safer with Android
Play Store offers the best security in class, but knows that it’s not the only place to download Android apps. Therefore, it is also important to defend Android users from more popular mobile threats. In order to do this on an open ecosystem, we invested in sophisticated real -time defense protecting from fraud, malware, and abused apps. These intelligent security measures can help maintain users, user data, and devices, even if apps are installed from various sources with various levels of security.
Regardless of Google Play Protect download source, use the Google Play service to automatically scan all applications on Android devices. The default protection of this embedded insertion provides important security for malware and unnecessary software. Google Play protects more than 200 billion apps every day, run real -time scan at the code level of the new app, and fights new threats like multiple malware. In 2024, the real -time scan of Google Play Protect has identified more than 13 million new malicious apps from Google Play 1.
Google Play Protect has always evolved to protect users from harmful apps that can lead to new threats and fraud. Some of the new improvements that have been used globally on Android devices using Google Play Services are shown below.
The reminder notification in Chrome on Android will make Google Play Protect playable: our surveys, which installs a major Malware Family installed from a sensitive permission that is highly correlated with financial fraud 95. More than percentage were born from the side of the Internet sources such as web browsers and messaging. App, file manager. In order to keep the user protected when browsing the Web, Chrome has now displayed a reminder notification in Google Play Protect that can be obtained again when it is turned off. Additional protection against social engineering attacks: Scammers may disable Play Protect while calling users to download malicious Internet -like apps. To prevent this, the Play Protect App Scanning Toggle has temporarily disabled it during telephone or video calls. This protection is enabled by default during the conventional telephone and the popular third -party app audio and video calls. Automatically cancel the potentially dangerous app Apprecz Permit: Android 11 has been actively approached data privacy by automatically resetting access permissions for users that have not been used for a while. This allows the app to access only the data you really need, and users can give permission permission at any time as needed. In order to further enhance security, Play Protect automatically cancels the potentially harmful app permission and limit access to confidential data such as storage, photos, and cameras. Users can use the confirmation steps to add security to restore app permissions at any time.
Automatically blocks Google Play Play Protect enhanced fraudulent pilot analysis. Automatically installs apps that may use confidential permissions that are frequently abused for financial fraud when you try to install an app from the Internet side road source (web browser, messaging app, or file manager) I block it. 。
In cooperation with Singapore’s Cyber Security Agency (CSA), the additional reinforced fraudulent pilots are now in Brazil, Hong Kong, India, Kenya, Nigeria, South Africa, and South Africa, South Africa, Thailand. I am active in the community. And Vietnam.
In 2024, the strengthened fraudulent pilot of Google Play Protect protects 10 million units since attempts of more than 36 million high -risk installation, which covers more than 200,000 unique apps.
By piloting these new protections, we can actively fight with new threats and improve the solutions to more sophisticated scams. We look forward to continuing to partner with government, ecosystem partner, and other stakeholders to improve user protection.
Support app badge users find a reliable app at a glance Google Play
In 2024, government developers introduced a new badge for government developers to support users around the world to identify official government apps. The government app is often the target of the sacrifice, and gives a bad actor and gives the ability to commit financial fraud because of the very sensitive nature of data provided by users. Verified government app badges are important steps to link people to safe, high -quality, useful and relevant experiences. We are in close cooperation with the global government and are already looking for a way to build this work.
In addition, we have recently introduced a new badge for Google Play users to discover VPN apps that take additional measures to demonstrate a strong commitment to security. Developers who comply with safety and security guidelines and have passed the additional independent mobile application security evaluation (MASA) so that they can display dedicated badges in the Play Store to emphasize the increase in commitments to safety. I’ll do it.
Cooperation to promote the security standards of the app
In addition to partnerships with governments, developers, and other stakeholders, we have worked with the industry to protect the entire app for everyone. App Defense Alliance has a new standard ADA application security evaluation (ASA), a new standard for developers to build more secure mobile, web, and cloud applications in collaboration with members of the Friends Steering Committee Microsoft and Meta. V1.0 has started. This standard provides a clear guidance on protection of confidential data, defense against cyber attacks, and ultimately strengthening user trust. This indicates important advancement in establishing security best practices for application development.
It is recommended that all developers confirm and comply with the new mobile security standard. This standard has been implemented for all career apps installed in advance on future pixel telephone models.
I’m looking ahead
This year, we will continue to protect Android and Google Play, which builds these tools and resources, depending on the views that change from the feedback between users and developers. As usual, developers will build more secure apps, rationalize policy experience, and keep business and users from bad actors.
1 Based on the internal data of Google Play Protect 2024.
