Google has recently disclosed that its improved security features and app review processes blocked 1.43 million malicious apps from being published to the Play Store in 2022. This comes after the tech giant blocked 1.2 million policy-violating apps and banned 190,000 bad accounts in 2021. In this article, we will delve into the details of Google’s ongoing battle against malicious apps, discuss the company’s efforts to improve security, and examine the challenges that persist despite these efforts.
Google’s Efforts to Improve App Security
- Identity Verification: Google has introduced identity verification methods such as phone number and email address requirements to join Google Play. This has contributed to a reduction in accounts used to publish apps that violate its policies.
- App Security Improvements Program: In 2022, the program helped developers fix approximately 500,000 security weaknesses affecting around 300,000 apps with a combined install base of approximately 250 billion installs.
- Developer-Facing Features: Google has fended off over $2 billion in fraudulent and abusive transactions through features like Voided Purchases API, Obfuscated Account ID, and Play Integrity API. Additionally, it has banned 173,000 bad accounts in 2022.
- Sensitive Permissions: Google has prevented about 500,000 submitted apps from unnecessarily accessing sensitive permissions over the past three years.
- New Data Deletion Policy: Google recently enacted a policy requiring app developers to offer a “readily discoverable option” for data deletion to users, both within an app and outside of it.
Challenges in Combating Malicious Apps
Despite Google’s efforts, cybercriminals continue to find ways around the app storefront’s security protections to publish malicious and adware apps. McAfee’s Mobile Research Team discovered 38 games masquerading as Minecraft, installed by over 35 million users worldwide. These gaming apps incorporated the HiddenAds malware, which stealthily loads ads in the background to generate illicit revenue for its operators.
The surge in Android banking malware and the use of binding services to trojanize legitimate applications pose further challenges in combating malicious apps. For instance, the Android botnet DAAM abuses Android’s accessibility services to perform a wide range of nefarious actions, including acting as ransomware, logging keystrokes, recording VoIP calls, and opening phishing URLs.
Moreover, CloudSEK discovered that popular Android applications like Canva, LinkedIn, Strava, Telegram, and WhatsApp do not invalidate or revalidate session cookies after app data is transferred from one device to another. This could potentially allow adversaries to take over accounts and access confidential data if they have physical access to a target’s phone.
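The server-side counterpart of that finding is to revalidate a session when its cookie arrives from a different device. The sketch below is an added example, not code from Google, CloudSEK, or any of the apps named; it assumes the client sends a per-install `device_id` that is kept outside transferred app data, and all class and parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # seconds; constructed value for the example


class SessionStore:
    """Server-side sessions bound to the device that created them."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._sessions = {}  # token -> (user, device_tag, expires_at)

    def _tag(self, device_id):
        # Keyed hash so raw device identifiers are not stored server-side.
        return hmac.new(self._key, device_id.encode(), hashlib.sha256).digest()

    def login(self, user, device_id, now=None):
        """Issue a fresh token tied to the device that authenticated."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._tag(device_id), now + SESSION_TTL)
        return token

    def validate(self, token, device_id, now=None):
        """Return the user for a valid session, else None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, tag, expires_at = entry
        if now >= expires_at:
            del self._sessions[token]
            return None
        if not hmac.compare_digest(tag, self._tag(device_id)):
            # The cookie was copied to another device: revoke it so that
            # both devices must authenticate again.
            del self._sessions[token]
            return None
        return user
```

Revoking on a device mismatch, rather than only rejecting the request, means a copied cookie cannot be retried and the legitimate user has to sign in again on either device.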
Mitigating Threats and Best Practices
To mitigate the risks posed by malicious apps, users are advised to:
- Enable two-factor authentication (2FA) to add an extra layer of account protection.
- Scrutinize app permissions and only grant necessary access.
- Secure devices with a password and avoid leaving them unattended in public places.
Google’s ongoing battle against malicious apps has led to notable successes, with millions of harmful apps being blocked from the Play Store. However, cybercriminals continue to find ways around security measures, and new threats emerge regularly. As a result, it is essential for Google to continue refining its security measures and for users to remain vigilant in protecting their devices and data. By working together, the tech giant and its users can build a safer and more secure app ecosystem.