Google has taken significant steps to secure the Android ecosystem and protect user privacy by implementing enhanced security features, policy updates, and machine learning and app review processes. As a result, the handling of malicious apps has significantly improved. In 2023, the company rejected or required remediation for nearly 200,000 apps submitted to the Play Store due to issues related to sensitive data access. Additionally, it blocked 333,000 accounts from the app store for policy violations and malware spread.
To ensure user privacy at scale, Google has partnered with SDK providers to limit access and sharing of sensitive data and has enhanced security for over 31 SDKs, positively impacting over 790,000 apps. The company has also doubled its effectiveness in blocking applications, with 2.28 million blocked apps in 2023 as compared to 1.43 million in 2022.
Google has also strengthened its developer review and onboarding process, requiring additional identification information and completion of a verification process when setting up a developer account. This helps the company understand its developer community and identify bad actors who spread malicious applications.
In November 2023, Google formed the Application Defense Alliance (ADA) in collaboration with the Linux Foundation, with Meta and Microsoft joining as founding members. The ADA is committed to strengthening application security and related standards across the ecosystem.
Google has also implemented real-time scanning at the source code level and introduced an “Independent Security Review” badge for VPN apps that have undergone review. The company has removed about 1.5 million apps from the Play Store that did not use the latest APIs. All these measures demonstrate Google’s commitment to ensuring the safety and security of the Android ecosystem.