Google revealed on Monday that nearly 200,000 app submissions to its Play Store for Android were rejected or correct to address issues accessing sensitive data such as location or SMS messages over the past year.
Google's fight against malicious applications on the Play Store in 2023
The tech giant also said it had blocked 333,000 fraudulent accounts from the app store in 2023 for attempts to distribute malware or for repeated policy violations.
“In 2023, we prevented 2.28 million violating apps from appearing on Google Play thanks in part to our investment in new and improved security features, policy updates and advanced machine learning and app review processes“, they have declared Steve Kafka, Khawaja Shams and Mohet Saxena of Google.
Google researchers then added: “To help safeguard user privacy on a large scale, we have partnered with SDK vendors to limit access and sharing of sensitive data, improving privacy posture for over 31 SDKs impacting over 790,000 apps“.
By comparison, Google he rejected 1.43 million malicious apps since published on the Play Store in 2022, as well as banning 173,000 accounts with fraudulent intentions (apps that steal data, steal bank accounts, and so on) in the same period.
Google also increases the requirements to become a developer on PlayStore
Additionally, the Mountain View-based company said it has strengthened its developer integration and review processes, requiring them to provide more information on their identity and complete a verification process when creating their Play Console developer accounts.
This, the company noted, it allows her to better understand the developer community and to eradicate the accounts behind which cyber criminals hide and who abuse the system to spread malicious applications.
Meta and Microsoft have also contributed to the fight against malicious applications
The development comes as Google is adopting a series of measurements to protect the Android ecosystem; last November, he transferred the App Defense Alliance (ADA), launched in November 2019, under the umbrella of the Linux Foundation, with Meta and Microsoft joining as founding members of the steering committee.
Around the same time, the company also introduced the real-time scanning (basically something very similar to Windows Defender, but on Android) at the level code to address new Android malware and an “Independent Security Review” badge in the Data Security section of the Play Store for VPN apps that have passed a mobile application security audit (MASA).
From the user side, Google has also taken the lead remove approximately 1.5 million applications from the Play Store that do not point to the latest APIs.
Google's ongoing struggle to tackle malicious actors on Android coincides with one lawsuit filed by the firm in the United States against two China-based fraudsters accused of participating in an international online investment fraud scheme and tricking users into downloading fake apps from the Play Store and other sources, ultimately stealing their funds.
When even official sources are often not reliable
This case concerning Google's PlayStore is quite emblematic, if it is true that official sources are usually the safest ones, however, not even official sources like the PlayStore are immune to indirect attacks like this, Although the PlayStore has a number of controls, millions of apps are uploaded annually and it is not always possible to control them all.
It is therefore up to the user to learn to inform themselves and recognize threats.
#Google #stop #million #apps #PlayStore
