Google says it’s bolstered its defenses against Play Store malicious apps

The Google Play Store has gotten a bad reputation for being a hub to an exorbitant amount of malicious applications. As a journalist for TechGenix, I have lost count of how many times I have been forced to report on mass infections occurring on Android devices due to the Google Play Store. As a company, Google claims to have a strict vetting system, yet time and again these applications make their way onto victims’ devices.

It is this reputation that Google claims it is trying to change with new measures that, according to them at least, have had a decent amount of success. In a post on the Android Developers Blog Andrew Ahn, product manager at Google Play, talks extensively about the newest tactics that the Play Store have taken to stop the flood of infected applications. In the post, Ahn states that thanks to “a series of new policies to protect users” the “number of rejected app submissions increased by more than 55 percent,” and additionally Google increased “app suspensions by more than 66 percent.”

The new measures have multiple areas of focus that Andrew Ahn believes are most notable. Firstly there is a new policy related to SMS and Call Log permissions that only allow applications that have “been selected as the user’s default app for making calls or sending text messages.” If the application seeks call or text functions without user permission, the application is rejected by the Google Play Store.

Another implemented security tactic by Google that Ahn believes is responsible for the uptick in malicious applications being suspended or outright rejected is how repeat offenders are handled. According to the post, Google surmises that “over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks.” They will often create alternate accounts and attempt to circumnavigate the ban that way. To prevent this, though specifics were not exactly given, Google apparently has “clustering and account matching technologies, and by combining these technologies with the expertise of our human reviewers” they found an increase in safety for users.

The final point that the post touches on is that, despite all of their new success against threat actors, Google understands that it is a constant battle. In Ahn’s own words he states that even though Google has “enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors.”

Looking at the post, I cannot help but wonder what took Google so long to implement such measures in the first place. While it is better late than never, I am not entirely convinced yet that the Google Play Store is a safer environment for the long haul. The new measures may be effective now, but what will the company do when the next mass wave of malicious applications flood the Google Play Store? Will their reaction be as poor as it was in the past or have they finally learned their lesson?

Featured image: Flickr / Roman Boed

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

CRD in Kubernetes: Powerful boost for an already powerful platform

While Kubernetes is already the No. 1 container orchestration tool, a custom resource definition, or CRD, adds incredible custom features…

2 days ago

PowerShell Quick Tip: Consistent output in Azure Automation Accounts

Here’s another in our popular Quick Tips series. This one focuses on PowerShell and how it can help you get…

2 days ago

Microsoft Teams and Office 365: A marriage made in Redmond

Will Microsoft Teams dominate the market for real-time collaboration tools? And does integration with Office 365 ensure Redmond’s victory in…

2 days ago

Don’t let the wrong .NET Framework break your Exchange server

There’s nothing more frustrating than applying an update or hotfix that breaks Exchange. One usual suspect in this scenario is…

2 days ago

Consolidate several VMs to a single virtual network with this script

There are good reasons to consolidate several VMs to a single virtual network. Here’s a script that will help you…

3 days ago

Top 5 startups providing cloud-based multifactor authentication

As cyberattacks grow in number and severity, organizations are embracing multifactor authentication. These startups are leaders in identity protection.

3 days ago