App developers within the Android ecosystem can find solace in Google’s renewed commitment to enhancing platform security. Suzanne Frey, the VP of Product, Trust & Growth for Android & Play at Google, has unveiled a comprehensive suite of improvements aimed at simplifying the app development process while simultaneously bolstering the security of the Google Play Store for millions of users globally.
“Knowing that you’re building on a safe, secure ecosystem is essential for any app developer. We continuously invest in protecting Android and Google Play, so millions of users around the world can trust the apps they download and you can build thriving businesses,” Frey remarked. She emphasized Google’s dedication to refining developer tools to facilitate the implementation of world-class security.
Over recent years, Google has actively collaborated with developers to position Google Play as a secure platform for both creators and end-users. This partnership has already yielded notable advancements, including:
- Enhanced tools designed to safeguard businesses from scams and fraud.
- Pre-review checks that identify policy and compatibility issues early in the development cycle.
- Provision of transparent information on Google Play to foster consumer trust.
- Strengthened threat-detection capabilities utilizing Google’s advanced AI to keep malicious actors at bay.
Making secure app development easier from the start
Google Play’s policies are pivotal in maintaining a secure environment for all stakeholders. The Play Console’s pre-review checks have proven invaluable in assisting developers to address policy and compatibility issues prior to formal app submission. Recent enhancements include checks for privacy policy links and login credential requirements, with additional pre-review checks set to launch this year to help developers navigate common policy challenges.
In a proactive move, Google has begun notifying developers about relevant policies earlier in the development process, directly within Android Studio. While initial notifications covered a few key areas, this year will see an expansion to encompass a broader range of policies.
In response to developer feedback, Google has revamped its policy experience to provide clearer updates, more time for substantial changes, flexible requirements while maintaining safety standards, and enhanced information through live Q&A sessions. A new communication method will soon be trialed within the Play Console to deliver information precisely when developers need it most. Furthermore, Google plans to invest in gathering developer feedback to improve understanding of policies and facilitate issue resolution before app submission through new features in both the Console and Android Studio.
The popular Google Play Developer Help Community, which attracted 2.7 million visits last year, is also set for expansion, providing a platform for developers to find answers to policy questions, share knowledge, and connect with peers. Plans are in place to broaden the community’s reach by including additional languages.
Protecting businesses, users, and children
The Play Integrity API serves as a crucial tool in safeguarding businesses against various forms of abuse, including fraud, bots, cheating, and data theft. Developers are currently leveraging these APIs to conduct over 500 million daily checks for potentially fraudulent or risky behavior.
The recently introduced app access risk detection within the Play Integrity API is also processing over 500 million daily checks. Google reports that apps utilizing Play Integrity features are experiencing an average of 80% less usage from unverified and untrusted sources. The company is committed to further enhancing the Play Integrity API this year, providing even stronger protection for a broader user base.
Recent improvements to the underlying technology for devices running Android 13 (API level 33) and above have resulted in a faster, more reliable, and privacy-preserving experience for users. Enhanced security signals have also been launched to assist Android developers in assessing the trustworthiness of the environment in which their app operates. These improvements will be automatically rolled out to all developers using the API in May, with an option to opt in and start using the enhanced verdicts immediately.
Future enhancements planned for later this year include new features to combat emerging threats, such as the ability to re-identify abusive and risky devices while preserving user privacy. Additionally, Google is developing more tools to guide users in resolving issues, prompting them to install security updates or alerting them if they are using a modified version of an app.
For apps within specific categories, Google offers badges that provide an additional layer of validation, connecting users with safe, high-quality experiences. Building on the success of last year’s “Government” badge, which helps users identify official government applications, a new “Verified” badge has been introduced this year for VPN apps demonstrating a strong commitment to security. Google plans to expand this initiative by adding badges to more app categories in the future.
Recognizing the added responsibility when apps are designed for or appeal to children, Google is committed to partnering with developers to ensure a safe online experience for younger users, protect their privacy, and empower families. In addition to existing programs like Google Play’s Teacher Approved program and Families policies, Google is developing new tools like the Credential Manager API, currently in Beta for Digital IDs.
Bolstering the security of the wider Android ecosystem
Google’s commitment to improving security extends beyond the Play Store to encompass the broader Android ecosystem. According to Google, investments last year in stronger privacy policies, AI-powered threat detection, and other security measures prevented 2.36 million policy-violating apps from being published on Google Play.
Frey highlighted that recent analysis found over 50 times more Android malware from Internet-sideloaded sources than on Google Play. This year, Google is actively working to make it even more challenging for malicious actors to conceal themselves or trick users into installing harmful applications. These efforts will not only protect developers’ businesses from fraud but also instill greater confidence in users when downloading apps.
Meanwhile, Google Play Protect is continuously evolving to tackle new threats and safeguard users from harmful apps that can lead to scams and fraud. Given its critical role in user safety, Google is taking further steps to prevent scammers from socially engineering users into disabling this protection. This includes extending live threat detection to target malicious applications that attempt to mimic banking apps and expanding the enhanced financial fraud protection trial to additional countries with similarly high levels of threat.
Google is also collaborating with industry leaders to protect all users, regardless of the device they use or where they download their apps. As a founding member of the App Defense Alliance (ADA), Google is working to establish and promote industry-wide security standards for mobile and web applications, as well as cloud configurations. Recently, the ADA launched Application Security Assessments (ASA) v1.0, providing clear guidance to developers on protecting sensitive data and preventing cyber attacks, ultimately boosting user trust.
These initiatives from Google underscore a robust commitment to fostering a secure and trustworthy environment for both Android app developers and the millions of users who rely on the Play Store.