Google announced significant efforts to improve the security of her Play Store application for Android on April 29. Last year, the company rejected or demanded to fix about 200,000 applications that tried to access sensitive user data, such as location or SMS.
Additionally, 333,000 accounts for attempting to disseminate malware and multiple violations of rules were also blocked. The most impressive record was the number of applications that were never published in the Google store due to security policy violations.
Google stated, “In 2023, we prevented the publication of 2.28 million applications that violate our policies, thanks to investments in new security functions, updates to rules, and improved application verification processes using machine learning.”
To protect user confidentiality at a large-scale level, Google began collaborating with SDK suppliers to limit access and exchange of sensitive data, increasing protection for more than 31 SDKs affecting over 790,000 applications.
Compared to last year, when Google prevented the publication of 1.43 million malware, this year showed significant and obvious growth in indicators.
The company also enhanced the developer registration and screening process, requiring more information about their identity and undergoing verification when configuring developer accounts in Play Console. These measures helped understand the developer community and identify attackers attempting to spread malicious applications.
As part of Android ecosystem protection efforts, last November, Google moved the App Defense Alliance under the Linux Foundation. Microsoft joined as a main member of the Governing Council.
During the same period, Google introduced real-time scanning at the code level to combat new types of Android malware and implemented the “Independent Security Verification” icon for VPN applications that passed the Mobile Application Security Assessment (MASA) audit in the Play Store.
Google also removed around 1.5 million applications from the Play Store that did not align with the latest API requirements.
The release of the Google report followed news of the company filing lawsuits against two scammers from China. They were accused of defrauding international consumers and distributing fake applications through the Play Store and other sources, leading to theft of user funds.