In a significant move to enhance user safety and app quality, Google has successfully blocked the publication of over 1.75 million policy-violating applications on its Google Play platform in 2025. Alongside this, the tech giant has taken decisive action against over 80,000 developer accounts that attempted to introduce harmful apps. This proactive approach is underpinned by a robust framework of developer verification, mandatory pre-review checks, and stringent testing requirements, effectively reducing the avenues available for malicious actors to exploit the ecosystem.
“User safety is at the core of everything we build. Over the years, we’ve introduced tools to help users stay safe and make informed app choices — from parental controls to data safety transparency and app badges. We continue to update our policies and protections to support safe, high-quality apps on Google Play and prevent harm,” stated Vijaya Kaza, VP and GM of App & Ecosystem Trust at Google. The company’s commitment is evident in its rigorous approach, conducting more than 10,000 safety checks on every app, with ongoing evaluations even after publication.
AI-powered app review and data protection
In a groundbreaking initiative, Google has integrated generative AI models into its app review process, enabling human reviewers to identify complex malicious patterns with greater speed and accuracy. This advancement has resulted in the prevention of over 255,000 apps from gaining excessive access to sensitive user data. Tools such as Play Policy Insights in Android Studio and the Data Safety section empower developers to minimize privacy-sensitive permission requests, ensuring user-centric design choices.
Moreover, Google’s anti-spam measures have proven effective, blocking 160 million fake or manipulated ratings and reviews last year. This initiative aims to preserve trust within the app ecosystem by curbing efforts to artificially inflate or deflate app ratings.
With the expansion of Google Play Protect, the company has fortified its defenses across the Android ecosystem. Scanning over 350 billion Android apps daily, Play Protect has identified more than 27 million new malicious apps from outside Google Play, proactively warning users or blocking installations to mitigate potential threats. Enhanced fraud protection has also been implemented, analyzing apps installed from sideloading sources and blocking risky installations that could exploit sensitive permissions for financial fraud. In 2025 alone, this protection thwarted 266 million risky installation attempts, safeguarding users from 872,000 unique high-risk applications.
To combat social engineering attacks during phone calls, Google has introduced in-call scam protection. This innovative feature prevents users from disabling Google Play Protect while on a call, thwarting attackers who might attempt to trick users into compromising their defenses.
Tools and protections for developers
Recognizing the importance of supporting developers, Google has rolled out new tools and processes designed to protect their businesses and enhance app security. The Play Policy Insights tool in Android Studio provides developers with real-time feedback as they code, focusing on sensitive permissions and related APIs to ensure compliance with policy requirements. Additionally, expanded pre-review checks in the Play Console flag common issues, such as improper credential usage and broken privacy policy links, prior to submission.
Apps and games utilize the Play Integrity API to perform over 20 billion daily checks, effectively preventing abuse and unauthorized access. In 2025, the introduction of hardware-backed signals made it increasingly difficult to spoof devices. New in-app prompts assist users in resolving issues like network errors without leaving the app, while the beta launch of device recall aids developers in identifying repeat abusive actors even after a device reset.
Developer verification plays a crucial role in supporting legitimate developers while curbing repeat abuse. Following early access feedback, Google plans to extend verification to all developers this year, including a dedicated account type for students and hobbyists with limited distribution. In Android 16, developers can protect sensitive data, such as bank logins, with just one line of code, with this protection enabled by default for certain apps to guard against tapjacking, where malicious overlays capture user input.
Looking ahead, Google aims to expand its AI-driven defenses in 2026, further assisting developers in creating secure applications that prioritize user safety and trust.
