Skip to main content

Google blocked 962k malicious apps from the Play Store in 2020

Google used advanced machine learning capabilities and improved app review processes to ban 119,000 malicious and spammy developer accounts in 2020 and also prevented 962,000 apps from getting published on the Google Play Store.

In a post published last week in its security blog, the global tech giant said it has improved its fraud-detection capabilities to weed out malicious apps from the Play Store, isolate and kick out fraudulent app developers, and prevent the publication of malicious applications that don’t comply with the company’s policies.

Stating that Google scanned over 100B installed apps each day for malware in 2020, Krish Vitaldevara, Director of Product Management Trust & Safety, Google Play, said the company has further optimised its processes to better protect users, assist good developers, and strengthen its guard against bad apps and developers.

“Our core efforts around identifying and mitigating bad apps and developers continued to evolve to address new adversarial behaviors and forms of abuse. Our machine-learning detection capabilities and enhanced app review processes prevented over 962k policy-violating app submissions from getting published to Google Play.

“We also banned 119k malicious and spammy developer accounts. Additionally, we significantly increased our focus on SDK enforcement, as we’ve found these violations have an outsized impact on security and user data privacy,” Vitaldevara said.

Aside from cracking down on fraudulent developers and removing malicious apps, Google has also made it difficult for applications to obtain sensitive user permissions, such as location access, by making it mandatory for app developers to demonstrate clear user benefit and prominently tell users about it or face possible removal from Google Play.

The company also took action againt the use of fraudulent apps to perpetrate COVID-19-related fraud and scams by requiring all apps, that cater to sensitive use cases or provide testing information, to be endorsed by either official governmental entities or healthcare organizations. These apps are also required to meet high standards for user data privacy.

To also curb the dissemination of disinformation and fake news, Google introduced minimum requirements that apps must comply with in order to be declared as “News” apps on the Play Store. The company also worked with academic experts and teachers to evaluate apps designed for children to help children and parents find great content without placing their privacy and security at risk.

Even though malicious app developers continue to find ways to bypass stringent security controls and publish malicious and fraudulent apps on the Google Play Store, Google’s concerted actions againt such tactics has borne fruit in recent times. For instance, creators of the Joker malware, a well-known malware that signs up users to premium services without their knowledge or consent, recently targeted Huawei smartphones instead of Android phones to defraud users.

According to security researchers from antivirus firm Doctor Web, the malware’s operators used ten seemingly harmless apps, ranging from a camera app, a virtual keyboard app, a sticker collection app, to a gaming app, to spread the Joker malware to as many as 538,000 Huawei devices where these apps were downloaded.

Previously, Joker was used to infiltrate Android devices since 2019 through seemingly harmless apps that were added to the Google Play Store with fake functionalities. In January 2020 alone, Google kicked out as many as 1,700 apps from the Play Store that were found hiding the Joker malware. By then, these applications had enjoyed millions of downloads, enabling operators of the malware to victimise a large number of smartphone users with billing fraud campaigns.

According to Google, while earlier versions of Joker, that appeared sometime in 2017, were engaged in carrying out SMS fraud, later versions of the malware (also known as Bread malware) were designed for billing fraud that involved the malware authors using injected clicks, custom HTML parsers, and SMS receivers to automate billing processes without requiring any interaction from the user.


All rights reserved Teiss Recruitment Ltd.