Google has released its annual review detailing the security measures implemented for Android and Google Play, emphasizing its commitment to fostering a safe environment for developers and users alike. The company stated, “We’re constantly improving our policies and protections to encourage safe, high-quality apps on Google Play and stop bad actors before they cause harm.” This ongoing effort aims to prevent real-world threats such as malware, financial fraud, hidden subscriptions, and privacy invasions. As adversaries increasingly employ AI to enhance their tactics, Google has significantly ramped up investments in AI and real-time defenses over the past year to stay ahead of these evolving threats.
The blog post shares the following figures:
- In 2025, Google successfully prevented over 1.75 million policy-violating apps from being published on Google Play and banned more than 80,000 developer accounts attempting to introduce harmful applications.
- Google Play conducted over 10,000 safety checks on every app published, with ongoing assessments even after launch.
- Anti-spam measures blocked 160 million spam ratings and reviews last year, safeguarding users from inflated or deflated reviews, and averting an average 0.5-star rating drop for apps targeted by review bombing.
- Google Play Protect now scans over 350 billion Android apps daily.
How Google Play Protect expanded in 2025
In a bid to enhance user safety, Google Play Protect introduced advanced fraud protection that analyzes and blocks the installation of apps potentially abusing sensitive permissions for financial fraud. This feature activates when users attempt to install apps from “Internet-sideloading sources,” such as web browsers or messaging apps, that request sensitive permissions. Following a successful pilot in Singapore, this protection has now expanded to 185 markets, covering more than 2.8 billion Android devices. In 2025, Google blocked 266 million risky installation attempts and protected users from 872,000 unique, high-risk applications.
Additionally, new in-call scam protections were introduced to combat social engineering attacks during phone calls. This feature preemptively disables the ability to turn off Google Play Protect during calls, thwarting bad actors who might trick users into disabling their device’s defenses to download malicious apps.
Tools Google gave app developers in 2025 to safeguard their businesses
To assist developers in creating safer applications, Google has streamlined processes by integrating insights directly into their workflows. The introduction of Play Policy Insights in Android Studio provides real-time feedback as developers code, focusing initially on permissions and APIs that handle sensitive data. This proactive approach helps developers meet policy requirements while still in the development phase.
As developers transition to Play Console for app submission, expanded pre-review checks identify common rejection reasons, such as improper credential usage or broken privacy policy links, ensuring a smoother review process.
Furthermore, the Play Integrity API has strengthened threat detection, with apps and games conducting over 20 billion checks daily to guard against abuse and unauthorized access. In 2025, hardware-backed signals were added to make it more challenging for bad actors to spoof devices, alongside new in-app prompts that assist users in resolving common issues without leaving the app. A beta launch of device recall aims to help developers identify repeat offenders even after a device reset, all while safeguarding user privacy.
Building trust through developer verification has proven effective on Google Play, and Google plans to extend these lessons across the broader Android ecosystem. By ensuring a real, accountable identity behind each app, verification legitimizes authentic developers and deters bad actors from hiding behind anonymity. Following feedback from an early access period, verification will be made available to all developers this year, including a dedicated account type for students and hobbyists to distribute apps to a limited number of devices without full verification requirements.
With every new Android release, security measures are enhanced. In Android 16, developers can now protect users’ private information, such as bank logins, with a single line of code, automatically integrating features to shield against “tapjacking,” a tactic where malicious apps use hidden layers to steal clicks for ad fraud.
Google’s ‘security plan’ for 2026
Looking ahead to 2026, Google has outlined plans to further invest in AI-driven defenses to stay ahead of emerging threats. The company aims to equip Android developers with the necessary tools to build apps safely, with a continued focus on embedding compliance checks so that apps adhere to policies from the outset. Additionally, Android developer verification will be rolled out to hold bad actors accountable and prevent them from operating under the veil of anonymity, thereby reducing the risk of repeated harm.