How we stored the Google Play & Android app ecosystems protected in 2024

Android and Google Play comprise a vibrant ecosystem with billions of customers across the globe and thousands and thousands of useful apps. Preserving this ecosystem protected for customers and builders stays our high precedence. Nevertheless, like several flourishing ecosystem, it additionally attracts its share of unhealthy actors. That’s why yearly, we proceed to spend money on extra methods to guard our neighborhood and battle unhealthy actors, so customers can belief the apps they obtain from Google Play and builders can construct thriving companies.

Final 12 months, these investments included AI-powered menace detection, stronger privateness insurance policies, supercharged developer instruments, new industry-wide alliances, and extra. Because of this, we prevented 2.36 million policy-violating apps from being revealed on Google Play and banned greater than 158,000 unhealthy developer accounts that tried to publish dangerous apps.

However that was simply the beginning. For extra, check out our latest highlights from 2024:

Google’s superior AI: serving to make Google Play a safer place

To maintain out unhealthy actors, we’ve all the time used a mixture of human safety specialists and the most recent threat-detection expertise. In 2024, we used Google’s superior AI to enhance our methods’ capacity to proactively establish malware, enabling us to detect and block unhealthy apps extra successfully. It additionally helps us streamline assessment processes for builders with a confirmed monitor file of coverage compliance. At present, over 92% of our human critiques for dangerous apps are AI-assisted, permitting us to take faster and extra correct motion to assist forestall dangerous apps from changing into accessible on Google Play.

That’s enabled us to cease extra unhealthy apps than ever from reaching customers via the Play Retailer, defending customers from dangerous or malicious apps earlier than they will trigger any harm.

Working with builders to reinforce safety and privateness on Google Play

To guard person privateness, we’re working with builders to cut back pointless entry to delicate information. In 2024, we prevented 1.3 million apps from getting extreme or pointless entry to delicate person information. We additionally required apps to be extra clear about how they deal with person data by launching new developer necessities and a brand new “Knowledge deletion” possibility for apps that assist person accounts and information assortment. This helps customers handle their app information and perceive the app’s deletion practices, making it simpler for Play customers to delete information collected from third-party apps.

We additionally labored to make sure that apps use the strongest and latest privateness and safety capabilities Android has to supply. Each new model of Android introduces new safety and privateness options, and we encourage builders to embrace these developments as quickly as attainable. Because of partnering carefully with builders, over 91% of app installs on the Google Play Retailer now use the most recent protections of Android 13 or newer.

Safeguarding apps from scams and fraud is an ongoing battle for builders. The Play Integrity API permits builders to test if their apps have been tampered with or are operating in doubtlessly compromised environments, serving to them to stop abuse like fraud, bots, dishonest, and information theft. Play Integrity API and Play’s computerized safety helps builders be sure that customers are utilizing the official Play model of their app with the most recent safety updates. Apps utilizing Play integrity options are seeing 80% decrease utilization from unverified and untrusted sources on common.

We’re additionally always working to enhance the security of apps on Play at scale, similar to with the Google Play SDK Index. This software affords insights and information to assist builders make extra knowledgeable choices in regards to the security of an SDK. Final 12 months, along with including 80 SDKs to the index, we additionally labored carefully with SDK and app builders to deal with potential SDK safety and privateness points, serving to to construct safer and safer apps for Google Play.

Google Play’s multi-layered protections towards unhealthy apps

To create a trusted expertise for everybody on Google Play, we use our SAFE rules as a information, incorporating multi-layered protections which are all the time evolving to assist maintain Google Play protected. These protections begin with the builders themselves, who play a vital position in constructing safe apps. We offer builders with best-in-class instruments, greatest practices, and on-demand coaching assets for constructing protected, high-quality apps. Each app undergoes rigorous assessment and testing, with solely authorized apps allowed to look within the Play Retailer. Earlier than a person downloads an app from Play, customers can discover its person critiques, rankings, and Knowledge security part on Google Play to assist them make an knowledgeable choice. And as soon as put in, Google Play Defend, Android’s built-in safety safety, helps to defend their Android machine by repeatedly scanning for malicious app habits.

Enhancing Google Play Defend to assist maintain customers protected on Android

Whereas the Play Retailer affords best-in-class safety, we all know it’s not the one place customers obtain Android apps – so it’s essential that we additionally defend Android customers from extra generalized cell threats. To do that in an open ecosystem, we’ve invested in subtle, real-time defenses that defend towards scams, malware, and abusive apps. These clever safety measures assist to maintain customers, person information, and gadgets protected, even when apps are put in from varied sources with various ranges of safety.

Google Play Defend routinely scans each app on Android gadgets with Google Play Providers, irrespective of the obtain supply. This built-in safety, enabled by default, gives essential safety towards malware and undesirable software program. Google Play Defend scans greater than 200 billion apps every day and performs real-time scanning on the code-level on novel apps to fight rising and hidden threats, like polymorphic malware. In 2024, Google Play Defend’s real-time scanning recognized greater than 13 million new malicious apps from exterior Google Play¹.

Google Play Defend is all the time evolving to fight new threats and defend customers from dangerous apps that may result in scams and fraud. Listed here are among the new enhancements that are actually accessible globally on Android gadgets with Google Play Providers:

• Reminder notifications in Chrome on Android to re-enable Google Play Defend: In line with our analysis, greater than 95 p.c of app installations from main malware households that exploit delicate permissions extremely correlated to monetary fraud got here from Web-sideloading sources like net browsers, messaging apps, or file managers. To assist customers keep protected when looking the online, Chrome will now show a reminder notification to re-enable Google Play Defend if it has been turned off.
• Extra safety towards social engineering assaults: Scammers could manipulate customers into disabling Play Defend throughout calls to obtain malicious Web-sideloaded apps. To forestall this, the Play Defend app scanning toggle is now quickly disabled throughout telephone or video calls. This safeguard is enabled by default throughout conventional telephone calls in addition to throughout voice and video calls in standard third-party apps.
• Robotically revoking app permissions for doubtlessly harmful apps: Since Android 11, we’ve taken a proactive method to information privateness by routinely resetting permissions for apps that customers have not used shortly. This ensures apps can solely entry the info they honestly want, and customers can all the time grant permissions again if mandatory. To additional improve safety, Play Defend now routinely revokes permissions for doubtlessly dangerous apps, limiting their entry to delicate information like storage, images, and digicam. Customers can restore app permissions at any time, with a affirmation step for added safety.

Google Play Defend’s enhanced fraud safety pilot analyzes and routinely blocks the set up of apps which will use delicate permissions continuously abused for monetary fraud when the person makes an attempt to put in the app from an Web-sideloading supply (net browsers, messaging apps, or file managers).

Constructing on the success of our preliminary pilot in partnership with the Cyber Safety Company of Singapore (CSA), further enhanced fraud safety pilots are actually lively in 9 areas – Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Defend’s enhanced fraud safety pilots have shielded 10 million gadgets from over 36 million dangerous set up makes an attempt, encompassing over 200,000 distinctive apps.

By piloting these new protections, we are able to proactively fight rising threats and refine our options to thwart scammers and their more and more subtle fraud makes an attempt. We look ahead to persevering with to associate with governments, ecosystem companions, and different stakeholders to enhance person protections.

App badging to assist customers discover apps they will belief at a look on Google Play

In 2024, we launched a brand new badge for presidency builders to assist customers all over the world establish official authorities apps. Authorities apps are sometimes targets of impersonation because of the extremely delicate nature of the info customers present, giving unhealthy actors the flexibility to steal identities and commit monetary fraud. Badging verified authorities apps is a vital step in serving to join individuals with protected, high-quality, helpful, and related experiences. We associate carefully with world governments and are already exploring methods to construct on this work.

We additionally just lately launched a new badge to assist Google Play customers uncover VPN apps that take additional steps to display their sturdy dedication to safety. We permit builders who adhere to Play security and safety tips and have handed a further impartial Cellular Utility Safety Evaluation (MASA) to show a devoted badge within the Play Retailer to focus on their elevated dedication to security.

Collaborating to advance app safety requirements

Along with our partnerships with governments, builders, and different stakeholders, we additionally labored with our {industry} friends to guard all the app ecosystem for everybody. The App Protection Alliance, in partnership with fellow steering committee members Microsoft and Meta, just lately launched the ADA Utility Safety Evaluation (ASA) v1.0, a brand new commonplace to assist builders construct safer cell, net, and cloud purposes. This commonplace gives clear steering on defending delicate information, defending towards cyberattacks, and finally, strengthening person belief. This marks a big step ahead in establishing industry-wide safety greatest practices for software growth.

All builders are inspired to assessment and adjust to the brand new cell safety commonplace. You’ll see this commonplace in motion for all service apps pre-installed on future Pixel telephone fashions.

Trying forward

This 12 months, we’ll proceed to guard the Android and Google Play ecosystem, constructing on these instruments and assets in response to person and developer suggestions and the altering panorama. As all the time, we’ll maintain empowering builders to construct safer apps extra simply, streamline their coverage expertise, and defend their companies and customers from unhealthy actors.

¹ Primarily based on Google Play Defend 2024 inside information.