Google says it’s bolstered its defenses against Play Store malicious apps

The Google Play Store has gotten a bad reputation for being a hub to an exorbitant amount of malicious applications. As a journalist for TechGenix, I have lost count of how many times I have been forced to report on mass infections occurring on Android devices due to the Google Play Store. As a company, Google claims to have a strict vetting system, yet time and again these applications make their way onto victims’ devices.

It is this reputation that Google claims it is trying to change with new measures that, according to them at least, have had a decent amount of success. In a post on the Android Developers Blog Andrew Ahn, product manager at Google Play, talks extensively about the newest tactics that the Play Store have taken to stop the flood of infected applications. In the post, Ahn states that thanks to “a series of new policies to protect users” the “number of rejected app submissions increased by more than 55 percent,” and additionally Google increased “app suspensions by more than 66 percent.”

The new measures have multiple areas of focus that Andrew Ahn believes are most notable. Firstly there is a new policy related to SMS and Call Log permissions that only allow applications that have “been selected as the user’s default app for making calls or sending text messages.” If the application seeks call or text functions without user permission, the application is rejected by the Google Play Store.

Another implemented security tactic by Google that Ahn believes is responsible for the uptick in malicious applications being suspended or outright rejected is how repeat offenders are handled. According to the post, Google surmises that “over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks.” They will often create alternate accounts and attempt to circumnavigate the ban that way. To prevent this, though specifics were not exactly given, Google apparently has “clustering and account matching technologies, and by combining these technologies with the expertise of our human reviewers” they found an increase in safety for users.

The final point that the post touches on is that, despite all of their new success against threat actors, Google understands that it is a constant battle. In Ahn’s own words he states that even though Google has “enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors.”

Looking at the post, I cannot help but wonder what took Google so long to implement such measures in the first place. While it is better late than never, I am not entirely convinced yet that the Google Play Store is a safer environment for the long haul. The new measures may be effective now, but what will the company do when the next mass wave of malicious applications flood the Google Play Store? Will their reaction be as poor as it was in the past or have they finally learned their lesson?

Featured image: Flickr / Roman Boed

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Simjacker spying vulnerability could affect 1B phones

Simjacker opens up 1 billion users to spying from governments, and researchers believe it is already being leveraged by several…

13 hours ago

Exchange Server log files growth and inadequate disk space allocation

When it comes to Exchange, if you build it, it will grow. Exchange Server log file growth can fill up…

18 hours ago

Hold the phone! Voice communication is becoming cool again

Business telephone conversations have largely been supplanted by email. But voice communication is far from dead — and it may…

21 hours ago

What are the potential disadvantages of SSL/TLS?

There’s wide consensus on the benefits of SSL/TLS. However, not as much attention has been given to SSL/TLS disadvantages.

4 days ago

Exploring native software inventory logging in Windows Server

Windows Server has built-software inventory logging that can be very useful. Here’s how to use this little-known feature.

4 days ago

Passwordless authentication: Safer, better, and about time

Passwordless authentication has quickly become one of the primary means by which users access their laptops, phones, and tablets because…

4 days ago