Jordan Bevan
Google says it prevented more than 1.75 million policy-violating apps from being published on Google Play in 2025 and banned over 80,000 developer accounts linked to harmful activity, according to its latest Android app ecosystem safety report.
The figures mark a decline from previous years. In 2024, the company blocked 2.36 million apps and banned 158,000 developer accounts. In 2023, those totals stood at 2.28 million and 333,000 respectively. The downward trend suggests fewer malicious submissions are reaching the Play Store review pipeline, even as enforcement mechanisms have expanded.
Google attributes the shift in part to deeper integration of artificial intelligence into its review and monitoring infrastructure. The company said it now runs more than 10,000 safety checks on every app before publication and continues post-release reviews to identify emerging risks.
In 2025, generative AI models were embedded directly into the review workflow to help human analysts detect more complex malicious patterns. The company indicated it plans to increase investment in AI-driven defenses in 2026 as attackers adopt more sophisticated tactics.
Beyond blocking apps outright, Google reported that it prevented over 255,000 apps from gaining excessive access to sensitive user data. That figure is significantly lower than the 1.3 million such cases reported in 2024.
The report also details efforts to address manipulation within the Play ecosystem. Google said it blocked 160 million spam ratings and reviews during 2025, including attempts at coordinated inflation or deflation of app scores. The company added that it mitigated an average 0.5-star rating drop for apps targeted by review-bombing campaigns.
While Play Store submissions flagged for policy violations declined, malicious distribution appears to be shifting outside Google’s official marketplace.
Google Play Protect — Android’s built-in malware defense system — scanned more than 350 billion apps daily across devices in 2025. Its real-time detection identified 27 million new malicious apps originating from outside Google Play, more than double the 13 million identified in 2024 and five million in 2023.
The company expanded enhanced fraud protections to 185 markets, covering approximately 2.8 billion Android devices. During the year, it blocked 266 million risky installation attempts and flagged 872,000 high-risk applications linked to financial abuse schemes.
New in-call scam protections were also introduced, preventing users from disabling Play Protect while on phone calls — a tactic commonly exploited in social engineering attacks.
Google has tightened developer accountability measures as part of its broader enforcement strategy. Mandatory developer verification, expanded pre-review checks, and additional testing requirements were rolled out to limit repeat offenders. The company said verification will extend further across the Android ecosystem this year.
Within Android Studio and Play Console, new compliance tools — including Play Policy Insights — were introduced to surface potential policy violations during development rather than after submission. The Play Integrity API, used for abuse prevention, now processes over 20 billion checks daily, with new hardware-backed signals added to reduce device spoofing.
The company also highlighted child-safety controls, expanded parental protections, and restrictions on app categories such as gambling and dating when presented to younger audiences.
In Android 16, Google introduced additional safeguards against “tapjacking,” enabling developers to protect sensitive user actions — such as banking logins — with minimal implementation changes.
The 2025 data reflects a year in which enforcement metrics declined on the Play Store itself but increased in off-platform threat detection. As malicious actors adjust distribution methods, Google’s response appears increasingly focused on AI-assisted pre-publication controls and broader device-level protections.
The company indicated that further AI integration, developer verification expansion, and real-time fraud prevention upgrades are planned for 2026.
Comments
Loading…