Date: 2024-04-30



Posted by: Steve Kafka and Khawaja Shams (Android Security and Privacy Team) and Mohet Saxena (Play Trust and Safety)

A safe and reliable Google Play experience is our top priority. We leverage SAFE (see below) principles to provide a framework for creating that experience for both users and developers. Here's what these principles mean in practice:

(S) Safeguard our users. We help them find reliable, high-quality apps. (A) Advocate for developer protection. Build platform safeguards so developers can focus on growth. (F) Foster responsible innovation. Thoughtfully unlock value for everyone without compromising user safety. (E) Evolve platform defenses. Stay ahead of emerging threats by evolving our policies, tools, and technology.

With these principles in mind, we've made recent improvements and introduced new measures to keep Google Play users safe as the threat landscape continues to evolve. In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play, thanks to new and improved security features, policy updates, and investments in advanced machine learning and app review processes. We've also strengthened our developer onboarding and review processes to require more identity information when a developer first establishes a Play account. Combined with investments in review tools and processes, we were able to more effectively identify fraudsters and fraud groups, banning 333,000 malicious accounts from Play for violations such as observed malware and repeated critical policy violations.

In addition, approximately 200,000 app submissions were denied or remediated to ensure proper use of sensitive permissions such as background location and SMS access. To protect user privacy at scale, we partnered with SDK providers to restrict access to and sharing of sensitive data, leading over 31 SDKs to strengthen their privacy posture, which affects over 790,000 apps. The Google Play SDK Index has also been significantly expanded to cover SDKs used by approximately 6 million apps across the Android ecosystem. This valuable resource helps developers choose better SDKs, improve app quality, and minimize integration risks.

Securing the Android ecosystem

Building on our success with the App Defense Alliance (ADA), we partnered with Microsoft and Meta as steering committee members for the newly reconstituted ADA under the Joint Development Foundation, part of the Linux Foundation family. The alliance supports industry-wide adoption of app security best practices and guidelines, and helps address emerging security risks.

Additionally, we announced new transparency labels in the Play Store to highlight VPN apps that have completed independent security reviews through the App Defense Alliance's Mobile App Security Assessment (MASA). When a user searches for VPN apps, a banner appears at the top of Google Play explaining the “Independent Security Review” badge in the Data Safety section. This allows users to see at a glance that developers are prioritizing security and privacy best practices and are committed to user safety.

To better protect customers who install apps outside of the Play Store, we're further strengthening the security capabilities of Google Play Protect with real-time scanning at the code level to combat new malicious apps. Our security protections and machine learning algorithms learn from each app submitted to Google for review, examining thousands of signals to compare app behavior. This new feature has already detected over 5 million new malicious off-Play apps and will help protect Android users around the world.

Stricter developer requirements and guidelines

Last year, we updated our Play policy around generative AI apps, disruptive notifications, and expanded privacy protections. We're also raising the bar for new individual developer accounts by introducing new testing requirements that must be met before developers can make their apps available on Google Play. By testing their apps, getting feedback, and making sure everything is ready before release, developers can deliver higher-quality content to Play users. To increase trust and transparency, we've introduced expanded developer verification requirements, including an organization's DUNS number and a new “About Developer” section.

To give users more control over their personal data, apps that allow account creation should provide an option to initiate account and data deletion from within the app and online. This web requirement is especially important so that users can request deletion of their accounts and data without having to reinstall the app. To simplify the user experience, we have also included this as a feature within the Data Safety section of the Play Store.

Each iteration of the Android operating system (including its robust set of APIs) introduces countless enhancements to improve the user experience, strengthen security protocols, and optimize performance across the Android platform. To further protect our customers, approximately 1.5 million applications that do not target the latest APIs are no longer available in the Play Store for new users who update their devices to the latest Android version.

Looking to the future

Protecting users and developers on Google Play is paramount and constantly evolving. Google plans to launch new security initiatives in 2024, including removing apps with opaque privacy practices from Play.

We also recently filed a lawsuit in federal court against two fraudsters who uploaded fraudulent investment and cryptocurrency exchange apps to Play and made multiple misrepresentations to defraud users. This lawsuit is an important step in holding these bad actors accountable and sending a clear message that we will aggressively pursue those who seek to take advantage of our users.

We're always working on new ways to protect your experience across Google Play and the Android ecosystem, and we look forward to sharing more.

