NEW DELHI: Google is taking various steps to secure its Google Play store. From strengthening its developer onboarding and review processes to labelling VPN apps or phasing out outdated apps, the company is dedicated to creating a more secure and user-friendly experience. In a blog post, the company said it is investing in new and improved security features, policy updates, and advanced machine learning and app review processes to keep Google Play users safe, even as the threat landscape continues to evolve. Last year, Google filtered out over 2 million apps with questionable credentials. “In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes,” said the US-based technology giant.
Strengthening onboarding process
Google has tightened its review processes for developer onboarding and review. Developers will now have to furnish more identity information when they first establish their Play accounts. With this enhancement, Google claims to have identified bad actors and fraud rings, resulting in the banning of 333K bad accounts from Play for violations such as confirmed malware and repeated severe policy violations. Additionally, almost 200K app submissions were either rejected or remediated to ensure the proper use of sensitive permissions, such as background location or SMS access.
Partnering for privacy
Google, in its blog, mentioned that to tackle privacy concerns at scale, it has partnered with software development kit (SDK) providers. These partnerships aim to limit the amount of data collected by apps that utilise these SDKs. As per Google, the collaboration impacted over 790,000 apps by restricting unnecessary data access and sharing. Additionally, Google has significantly expanded the Play Store’s SDK Index that empowers developers to make informed choices regarding privacy conscious SDKs. This not only enhances user privacy but also minimises integration risks for developers.
Label for VPN
Choosing a trustworthy VPN app can be daunting. To simplify this decision-making process, Google Play has introduced a new transparency label. This label highlights VPN apps that have undergone independent security audits conducted by the App Defense Alliance’s Mobile App Security Assessment program. Users can now easily identify apps prioritising security and user privacy based on this clear indicator.
Combating malicious apps from outside
Google Play Protect can now identify malicious apps even if you download them from outside the Play Store. According to Google, to better protect its customers who instal apps from sources other than Play Store, it has enhanced Google Play Protect’s security capabilities with real-time scanning at the code-level to combat novel malicious apps.
“Our security protections and machine learning algorithms learn from each app submitted to Google for review and we look at thousands of signals and compare app behaviour. This new capability has already detected over 5 million new, malicious off-Play apps, which helps protect Android users worldwide,” said the company.
Stricter developer requirements
Google has implemented stricter requirements to ensure high-quality apps and greater developer accountability. New mandates include mandatory testing procedures for developers before their apps can be published on Google Play. This testing phase allows developers to identify and rectify any issues before launch, ultimately offering users a more polished and reliable app experience.
User control over data
Apps that enable account creation must now provide users with an option to delete their accounts and associated data directly within the app or through an online portal. This empowers users to manage their privacy more effectively and simplifies the data deletion process. Google Play is phasing out outdated apps that are not compatible with the latest Android APIs. This ensures users with updated devices have access to apps that leverage the most recent security features.