Google says it’s stepping up its efforts to prevent malicious apps from reaching Android smartphones, tablets, and other devices. In a blog post today, Andrew Ahn, product manager at Google Play, said the Mountain View company would continue to improve the automated systems that help root out unscrupulous developers in the Google Play Store, and that it would enhance the backend tools its human moderators use to identify harmful app contents and behaviors.
“Google Play is committed to providing a secure and safe platform for billions of Android users on their journey discovering and experiencing the apps they love and enjoy,” Ahn wrote. “To deliver against this commitment, we worked last year to improve our abuse detection technologies and systems, and significantly increased our team of product managers, engineers, policy experts, and operations leaders to fight against bad actors.”
Google revealed that in 2018, in part thanks to Google Play Protect — an automated security solution that scans more than 50 billion apps on billions of devices each day — the number of apps rejected and suspended from the Play Store increased by more than 55 percent and 66 percent, respectively, and that tens of thousands of apps not adherent to the Play Store’s user data and privacy policies were rejected or removed. (Google last year reported that 60.3 percent of Potentially Harmful Apps, or PHAs, were detected via machine learning.) It’s looking to improve those figures in 2019.
On the user privacy front, Google says it plans to introduce additional policies for device permissions and user data throughout 2019, and also says that it’s “further enhanced” the clustering and account-matching technologies it taps to identify “spammy” developer networks. Finally, Google says it’s regularly conducting both “static” and “dynamic” analyses of apps with inappropriate content, impersonators, and PHAs, and “intelligently” using user engagement and feedback data to help find bad apps with “higher accuracy and efficiency.”
“Despite our enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors,” Ahn wrote. “We will continue to enhance our capabilities to counter such adversarial behavior, and work relentlessly to provide our users with a secure and safe app store.”
News around Google’s Android security initiatives come after the Mountain View company announced it’s paid out over $15 million since launching its bug bounty program in November 2010 — and after researchers with security firm Eset and Trend Micro discovered malicious Android apps hosted on the Play Store that were designed to steal cryptocurrency and trick users into downloading and installing a trojan.