Google has published its annual blog post detailing enhanced security measures for the Play Store and Android ecosystem, including the inability to disable Google Play Protect during phone and video calls.
Google enhances Play Store security measures
Google Play Protect now scans over 200 billion apps daily, an increase from 125 billion in 2023, leading to the identification of over 13 million new malicious apps in 2024 alone. The “Scan apps with Play Protect” setting cannot be turned off during traditional phone calls or voice and video calls in popular third-party applications. This change aims to prevent social engineering attacks whereby scammers may persuade users to disable Play Protect to download harmful Internet-sideloaded apps. The user interface now warns, “If you’re asked to turn off app scanning, it may be a scam to try installing harmful apps on your device.”
In addition, Chrome for Android will remind users to re-enable Play Protect if it has been turned off. Research indicates that over 95% of app installations from major malware families that exploit sensitive permissions and correlate with financial fraud originate from Internet-sideloading sources such as web browsers, messaging apps, or file managers.
Google has expanded its enhanced fraud protection pilot to several countries, including Brazil, Hong Kong, India, Kenya, Nigeria, the Philippines, South Africa, Thailand, and Vietnam. An additional feature introduced in 2024 allows Play Protect to automatically revoke permissions from potentially harmful apps, limiting their access to sensitive data like storage, photos, and camera functions. While users can restore app permissions, a confirmation step is now required for added security.
2024 safety statistics from Google Play include preventing 2.36 million policy-violating apps from being published, banning more than 158,000 bad developer accounts, and blocking 1.3 million apps from gaining excessive access to sensitive user data. Notably, over 91% of app installations on Google Play now utilize the latest protections of Android 13 or newer.
Apps utilizing Play Integrity features are seeing on average 80% lower usage from unverified and untrusted sources. Furthermore, Google Play Protect’s enhanced fraud protection initiatives have safeguarded 10 million devices from over 36 million risky installation attempts, involving more than 200,000 unique apps.
Google reported its ongoing commitment to combatting malicious apps, stating, “In 2024, we continued to invest in more ways to protect our community and fight bad actors, so billions of people can trust the apps they download from Google Play and millions of developers can build thriving businesses.”
Google’s Play Protect service now automatically disables permissions for potentially harmful Android apps, preventing access to storage, photos, and camera features. Users may restore these permissions but will need to confirm their decision to enhance security. Play Protect also conducts scans on all apps on the device, including sideloaded apps, and removes harmful apps from the Play Store while alerting users if they are still installed on their devices.
The service previously had the capability to reset permissions for unused apps and could block or disable harmful apps based on severity. Users who deactivate Play Protect will receive notifications on Chrome and Android prompting them to reactivate the service.
Google aims to counteract social engineering scams by prohibiting the turning off of Play Protect during calls. A recent update has introduced live threat detection for Pixel devices, enabling real-time identification of harmful app behavior. Additionally, Google introduced a new verification badge for VPNs, indicating compliance with specific security standards.
As Google continues to enhance its defenses, the company reported taking action against more than 2 million harmful apps and over 150,000 bad developer accounts in the previous year. The company’s increased vigilance follows warnings regarding permission abuse prevalent across the Play Store, with popular apps often seeking unnecessary permissions and failing to adhere to basic privacy standards.
Google is now focusing on permission abuse by automatically revoking permissions for potentially dangerous apps. To further enhance security, Play Protect will limit access to sensitive data for these apps. Users can, however, restore the permissions by overriding a security warning.
The Play Integrity API, another major addition, will allow apps to verify that they originated from the Play Store and have not been tampered with. Starting next month, it will differentiate between devices and OS versions, enabling developers to restrict full functionality to devices running Android 13 or newer. According to Google, apps utilizing Play Integrity features have statistically reduced usage from unverified sources by 80%, with over 91% of app installations on Google Play now using the latest protections of Android 13 or newer.
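How a backend might act on a Play Integrity verdict, as an added example that is not from Google or from the original article: it checks that the app came from Play and is unmodified, and reserves full functionality for Android 13 (API level 33) or newer. It assumes the integrity token has already been decoded by Google's servers; the package name, nonce, freshness window and sample verdict are constructed for illustration.

```python
# Added example: server-side policy over an already-decoded Play Integrity verdict.
# Assumption: Google's servers decoded the token; this code only evaluates the JSON.
import time

EXPECTED_PACKAGE = "com.example.bank"  # constructed placeholder
MAX_AGE_MS = 5 * 60 * 1000             # assumed freshness window
MIN_SDK_FULL = 33                      # Android 13 is API level 33


def evaluate_verdict(verdict, expected_nonce, now_ms=None):
    """Return (decision, reasons); decision is 'full', 'limited' or 'deny'."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    req = verdict.get("requestDetails", {})
    app = verdict.get("appIntegrity", {})
    dev = verdict.get("deviceIntegrity", {})
    reasons = []

    # Bind the verdict to this request: our app, our nonce, recently issued.
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        reasons.append("package mismatch")
    if req.get("nonce") != expected_nonce:
        reasons.append("nonce mismatch")
    age_ms = now_ms - int(req.get("timestampMillis", 0))
    if not 0 <= age_ms <= MAX_AGE_MS:
        reasons.append("stale verdict")
    # The binary must be one Play recognizes, on a device that passes integrity.
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app not recognized by Play")
    if "MEETS_DEVICE_INTEGRITY" not in dev.get("deviceRecognitionVerdict", []):
        reasons.append("device integrity not met")
    if reasons:
        return "deny", reasons

    # sdkVersion is optional in the payload; treat a missing value as unknown.
    sdk = dev.get("deviceAttributes", {}).get("sdkVersion")
    if sdk is None or sdk < MIN_SDK_FULL:
        return "limited", ["Android version unknown or older than 13"]
    return "full", []


# Constructed sample verdict, not captured from a real device.
SAMPLE = {
    "requestDetails": {"requestPackageName": "com.example.bank",
                       "nonce": "bm9uY2UtMTIz", "timestampMillis": "1700000000000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"],
                        "deviceAttributes": {"sdkVersion": 34}},
}
print(evaluate_verdict(SAMPLE, "bm9uY2UtMTIz", now_ms=1700000060000))
```

A denied verdict is best treated as a signal to log and to step up verification on the server, since the client that produced it cannot be trusted to enforce the decision.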
Featured image credit: Mark Stuckey/Unsplash