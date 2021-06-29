



After seeing an increase in fraudulent and malicious developer accounts, Google announced on Monday plans to require additional verification from developers who want to list their apps on the official Play Store.

According to Google, starting Monday, anyone registering a new Play Store developer account will specify whether the account is the property of an individual or organization, enter the contact’s name and address, and the phone number and email address. You need to check both.

Prior to today’s change, Google only asked Play Store developers to provide their email address and phone number, neither of which was verified.

In recent years, this inadequate process has led to the entire family industry appearing in underground cybercrime forums, proposing multiple threat actors to automate the process of creating Google Play developer accounts.

Crooks creates these accounts together and sells them to other groups. Other groups then use them to play malicious apps, including malware, various scams, legitimate app clones, or fleeceware (apps that significantly overcharge users for basic functionality). Upload to the store.).

However, while fraudsters created new accounts to market malicious apps, some threat actors broke into real accounts to insert malicious code into legitimate apps.

To counter this trend, Google yesterday required Play Store developers to enable a two-factor authentication solution for their accounts before being allowed to list Android apps in the official store. Said.

According to Google, the timeline for these upcoming changes looks like this:

Beginning June 28, 2021, developer account owners will be able to declare their account type and view contact details. August: All new developer accounts must specify the account type and verify contact information when signing up. 2FA is also a requirement for owners of new developer accounts. Later this year: All Play Store development accounts must declare their account type, verify their credentials, and enable 2FA.

Catalin Cimpanu is The Record’s cybersecurity reporter. He previously worked for ZDNet and Bleeping Computer. It has become famous in the industry for its constant investigation into new vulnerabilities, cyberattacks, and law enforcement measures against hackers.

