Malicious Apps in Play Store

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year.

The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.

"In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes," Google's Steve Kafka, Khawaja Shams, and Mohet Saxena said.

"To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps."


In comparison, Google fended off 1.43 million bad apps from being published to the Play Store in 2022, alongside banning 173,000 bad accounts over the same time period.

In addition, the Mountain View-based firm said it strengthened its developer onboarding and review processes, requiring developers to furnish more identity information and complete a verification process when setting up their Play Console developer accounts.

This, the company noted, enables it to better understand the developer community and root out bad actors who game the system to propagate malicious apps.

The development comes as Google is taking a series of steps to secure the Android ecosystem. Last November, it moved the App Defense Alliance (ADA), which it launched in November 2019, under the Linux Foundation umbrella, with Meta and Microsoft joining as the founding steering members.

Around the same time, the company also rolled out real-time scanning at the code level to tackle novel Android malware and an "Independent security review" badge in the Play Store's Data safety section for VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit.

On the user-facing side, Google has also taken down approximately 1.5 million applications from the Play Store that do not target the most recent APIs.

Google's ongoing fight against malicious actors on Android coincides with a lawsuit the company filed in the U.S. against two China-based fraudsters. They are alleged to have engaged in an international online consumer investment fraud scheme, tricking users into downloading fake apps from the Play Store and other sources and ultimately stealing their funds.
