Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe apps to Android users.
Since the mobile device platform is growing rapidly, every new effort Google makes apparently comes with trade-offs.
For example, Google recently made some changes to its Play Store policies and added new restrictions in Android APIs that now make it mandatory for every new app to undergo a rigorous security testing and review process before appearing in the Google Play Store.
These efforts also include:
- restricting developers from abusing Android accessibility services,
- restricting apps' access to certain permissions, such as call log and SMS permissions,
- adding a behavior-based malware scanner,
- employing humans to review Android apps before they hit the Play Store,
- launching a bug bounty for Android apps, and more.
Unfortunately, many developers are not happy with the process or with the handling of manually reviewed cases, after the team of experts at Google made false-positive malware and policy-violation detections and failed to respond to developers in a timely manner on whether their apps meet policy requirements.
"When we began enforcing these new SMS and Call Log policies, many of you expressed frustration about the decision making process," Sameer Samat, VP of Product Management, Android & Google Play says in a blog post.
Continuing its efforts on this front, Google has now announced plans to adopt more detailed communication with developers, explaining why a decision was made, as well as offering an improved and more transparent evaluation and appeal process.
Google says the company is expanding its "team to help accelerate the appeals process."
Besides this, Google also plans to spend more time reviewing Android apps from new developers before approving them to go live in the Google Play Store, in an effort to avoid making decisions in error.
The review of an app from any new developer who doesn't have a proven track record with the tech giant will now take "days, not weeks," allowing the company to do "more thorough checks" before approving apps for publication on the Play Store.
"While the vast majority of developers on Android are well-meaning, some accounts are suspended for serious, repeated violation of policies that protect our shared users," Android developers say in a blog post.
"While 99%+ of these suspension decisions are correct, we are also very sensitive to how impactful it can be if your account has been disabled in error."
From now on, developers whose accounts were disabled in error can immediately appeal any enforcement, and the appeal will be carefully reviewed by the Android team. If the team discovers that an error has been made, it will restore the account.