Google details how it fought malicious apps on the Play Store in 2019
The Google Play Store is the world’s biggest app ecosystem. It may not be the most profitable for app developers, but in terms of the number of apps and the number of app downloads, it leads the rest. For the most part, Google Play is a shining example of a curated app market. Unlike poorly managed stores such as the Windows Store, the Play Store isn’t filled by cheap knock-off apps, a lack of quality recommendations, and a poor user experience. Google knows the importance of the Play Store very well, and the company knows that continuous improvement is the goal here. Its achievements in dealing with malware have been detailed before. Now, the company has released a press release on explaining how it fought malicious apps in 2019.
Google notes that the Play Store’s thriving ecosystem can only be achieved and sustained “when trust and safety is one of its key foundations.” Google Play provides app developers with tools to reach billions of users around the world. Since the last few years, the company has made Play Store’s trust and safety a top priority, and has continued its investment in abuse detection systems, policies, and teams to fight against bad apps and malicious actors.
In 2019, Google committed to a safer Google Play for kids and families. The developer approval process was another improvement. The company initiated a deeper collaboration with security industry partners through the App Defense Alliance. Importantly, it enhanced its machine learning detection systems that analyze an app’s code, metadata, and user engagement signals for any suspicious content or behaviors, and simultaneously scaled the number and depth of manual reviews. Such efforts have had positive effects to make the Play Store a cleaner place, according to the company.
In late 2018, Google released a new policy to stop apps from unnecessarily accessing privacy-sensitive SMS and call log data. The company says that it saw a significant, 98% decrease in apps accessing SMS and call log data as developers partnered with it to update their apps and protect users. The remaining 2% are comprised of apps that require SMS and call log data to perform their core function. (There is another side to this story as well, unfortunately. Google’s crackdown on apps requiring SMS and call log permissions initially led to issues with legitimate apps.)
Google says the best way to protect users from bad apps is to keep those apps out of the Play Store in the first place (common sense). Its improved vetting mechanisms supposedly stopped over 790,000 policy-violating app submissions before they were ever published in the Play Store. In May 2019, the company also enacted a policy to better protect families. To that end, it worked with developers to update or remove tens of thousands of apps.
The next major achievement is Google Play Protect. It was first launched in 2017, and it acts as a built-in malware protection for Android devices. It scans over 100 billion apps everyday, and users are provided information about potential security issues and actions they can take to keep their devices safe and secure. Play Protect prevented more than 1.9 billion malware installations from non-Play Store sources. This is a staggering number.
Google acknowledges there is more work to be done. Detection systems will continue to be evaded by new ways. Therefore, it says its commitment in building the world’s safest and most helpful app platform will continue in 2020. The three key areas are: strengthening app safety policies to protect user privacy, faster detection of apps and blocking repeat offenders, and detecting as well as removing apps with harmful content and behaviors. Its team will continue to work with the developer community for the goal of delivering a safer Play Store.
Overall, much of Google’s work regarding the safety of Google Play is praiseworthy, but there are still certain issues. Most of these issues deal with inconsistent enforcement and unclear rule changes, as these factors have a habit of negatively affecting several popular legitimate apps. It’s to be hoped that the company continues to work on reducing pain points.