Google says it’s bolstered its defenses against Play Store malicious apps

The Google Play Store has gotten a bad reputation for being a hub to an exorbitant amount of malicious applications. As a journalist for TechGenix, I have lost count of how many times I have been forced to report on mass infections occurring on Android devices due to the Google Play Store. As a company, Google claims to have a strict vetting system, yet time and again these applications make their way onto victims’ devices.

It is this reputation that Google claims it is trying to change with new measures that, according to them at least, have had a decent amount of success. In a post on the Android Developers Blog Andrew Ahn, product manager at Google Play, talks extensively about the newest tactics that the Play Store have taken to stop the flood of infected applications. In the post, Ahn states that thanks to “a series of new policies to protect users” the “number of rejected app submissions increased by more than 55 percent,” and additionally Google increased “app suspensions by more than 66 percent.”

The new measures have multiple areas of focus that Andrew Ahn believes are most notable. Firstly there is a new policy related to SMS and Call Log permissions that only allow applications that have “been selected as the user’s default app for making calls or sending text messages.” If the application seeks call or text functions without user permission, the application is rejected by the Google Play Store.

Another implemented security tactic by Google that Ahn believes is responsible for the uptick in malicious applications being suspended or outright rejected is how repeat offenders are handled. According to the post, Google surmises that “over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks.” They will often create alternate accounts and attempt to circumnavigate the ban that way. To prevent this, though specifics were not exactly given, Google apparently has “clustering and account matching technologies, and by combining these technologies with the expertise of our human reviewers” they found an increase in safety for users.

The final point that the post touches on is that, despite all of their new success against threat actors, Google understands that it is a constant battle. In Ahn’s own words he states that even though Google has “enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors.”

Looking at the post, I cannot help but wonder what took Google so long to implement such measures in the first place. While it is better late than never, I am not entirely convinced yet that the Google Play Store is a safer environment for the long haul. The new measures may be effective now, but what will the company do when the next mass wave of malicious applications flood the Google Play Store? Will their reaction be as poor as it was in the past or have they finally learned their lesson?

Featured image: Flickr / Roman Boed

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Best programming languages to learn in 2020

Every hour you spend learning to code will pay off big. But which are the best programming languages to learn?…

6 hours ago

Endpoint security best practices and policies to mitigate risks

Failure to adequately secure endpoints can have catastrophic results. Here’s a look at the most important endpoint security best practices.

11 hours ago

Simplifying complex networks: A guide for enterprises

As networks grow in technological capabilities, they are harder to manage. Here are some tools for simplifying complex networks that…

14 hours ago

Managing Azure firewall and virtual networks with PowerShell

Here’s how to manage firewall and virtual networks in a Storage Account and how to use Azure Automation to enforce…

1 day ago

Microsoft exposed 250 million users’ private records in December

Microsoft exposed roughly 250 million customer service and support records last month. While the company says it secured all servers,…

1 day ago

Keep a lid on your AWS cloud goodies with breach and attack simulation

If you store business data in the AWS cloud, you need to secure it against unauthorized access. A breach and…

2 days ago