The Android ecosystem thrives as a global community, fostering trust among billions of users who confidently download the latest applications. To uphold this trust, our primary focus remains on preventing real-world harm, including malware, financial fraud, hidden subscriptions, and privacy invasions. As malicious actors increasingly leverage AI to refine their tactics, we have significantly enhanced our investments in AI and real-time defenses over the past year, ensuring we stay ahead of these threats before they can impact our users.
Upgrading Google Play’s AI-powered, multi-layered user protections
Our safety initiatives have made a noticeable impact on Google Play. In 2025, we successfully prevented over 1.75 million policy-violating apps from being published and banned more than 80,000 malicious developer accounts that attempted to introduce harmful applications. These statistics illustrate how our proactive measures and commitment to a more accountable ecosystem deter bad actors while empowering honest developers to create compliant apps more easily. Through initiatives such as developer verification, mandatory pre-review checks, and stringent testing requirements, we have elevated the standards within the Google Play ecosystem, significantly reducing entry points for malicious actors.
User safety remains at the heart of our development process. Over the years, we have consistently introduced features designed to help users make informed app choices, including parental controls, data safety transparency, and app badges. Our ongoing improvements to policies and protections aim to promote safe, high-quality applications on Google Play while preventing harm from bad actors.
Every app on Google Play undergoes rigorous reviews for safety and compliance with our policies. Last year, we disclosed that Google Play conducts over 10,000 safety checks on each app published, and we continue to monitor and reassess apps post-publication. In 2025, we further scaled our defenses by:
- Boosting AI-enhanced app detection: We integrated Google’s latest generative AI models into our review process, allowing our human review team to identify complex malicious patterns more swiftly.
- Preventing unnecessary access to sensitive data: We successfully blocked over 255,000 apps from gaining excessive access to sensitive user data while enhancing our privacy policies. Our commitment to privacy-forward app development, supported by tools like Play Policy Insights in Android Studio and the Data Safety section, has empowered developers to minimize privacy-sensitive permission requests and prioritize user-centric design.
- Blocking spam ratings and reviews: Spam ratings and reviews can undermine user trust and hinder developer growth. Our evolving detection models ensure app reviews remain accurate, with our anti-spam protections blocking 160 million spam ratings and reviews last year, including both inflated and deflated reviews. This effort also prevented an average 0.5-star rating drop for apps targeted by review bombing, safeguarding both users and developers.
- Safeguarding kids and families: Our approach to children and families is rooted in the belief that children deserve a safe and enriching digital environment. We empower parents with robust tools while ensuring children have access to high-quality, age-appropriate content. Last year, we introduced additional layers of protection to prevent younger audiences from discovering or downloading apps related to gambling or dating.
Enhancing Google Play Protect to help keep the entire Android ecosystem safe
Our commitment to improving protections extends to the broader Android ecosystem through the expansion of Google Play Protect and real-time security measures, such as in-call scam protections, designed to shield users from scams, fraud, and other threats.
As Android’s built-in defense against malware and unwanted software, Google Play Protect now scans over 350 billion Android apps daily. This proactive measure continuously checks both Play apps and those from alternative sources to ensure they are not potentially harmful. Last year, its real-time scanning capability identified more than 27 million new malicious apps from outside Google Play, alerting users or blocking the app to neutralize the threat. We recommend that users keep Google Play Protect activated to benefit from these safeguards.
While fraudsters continuously adapt their strategies, Google Play Protect evolves even more rapidly. Last year, we expanded:
- Enhanced fraud protection: Google Play Protect now analyzes and automatically blocks the installation of apps that may misuse sensitive permissions for financial fraud. This protection activates when users attempt to install an app from an “Internet-sideloading source,” such as a web browser or messaging app, that requests sensitive permissions. Following a successful pilot in Singapore, we expanded this protection to 185 markets, now covering over 2.8 billion Android devices. In 2025, we blocked 266 million risky installation attempts and helped protect users from 872,000 unique, high-risk applications.
- In-call scam protection: We introduced new safeguards against social engineering attacks during phone calls. This feature preemptively disables the ability to turn off Google Play Protect during calls, preventing bad actors from tricking users into disabling their device’s defenses to download malicious apps while on a call.
Partnering with developers for a more secure, privacy-friendly future
Ensuring the safety of Android and Google Play necessitates deep collaboration. We extend our gratitude to our global developer community for their partnership and feedback regarding the tools and support they require to thrive.
In 2025, we concentrated on minimizing friction for developers while equipping them with tools to protect their businesses:
- Building safer apps more easily: We assist developers in streamlining their processes by integrating insights directly into their workflows. This begins with Play Policy Insights in Android Studio, providing real-time feedback as they code. Our focus is on permissions and APIs that grant deeper system access or handle personal data, such as location or photos. This proactive approach enables developers to meet policy requirements, including prominent disclosures or usage declarations, while still in the development phase. When transitioning to Play Console for app submission, our expanded pre-review checks help identify common rejection reasons, ensuring smoother and faster reviews.
- Stronger threat detection with Play Integrity API: Daily, apps and games perform over 20 billion checks with Play Integrity API to guard against abuse and unauthorized access. In 2025, we added hardware-backed signals to complicate spoofing attempts by bad actors and introduced new in-app prompts that allow users to resolve common issues, such as network errors, without leaving the app. We also launched device recall in beta to assist developers in identifying repeat offenders even after a device reset, all while safeguarding user privacy.
- Building trust through developer verification: The effectiveness of developer verification on Google Play has been evident, and we are now extending these lessons to the broader Android ecosystem. By ensuring a real, accountable identity is associated with every app, verification legitimizes authentic developers and prevents bad actors from hiding behind anonymity. Following feedback from our early access period, we plan to open verification to all developers this year, including a dedicated account type for students and hobbyists, allowing them to distribute apps to a limited number of devices without full verification requirements.
- Greater security with every Android release: In Android 16, developers can protect users’ most sensitive information, such as bank logins, with just one line of code. This feature has been automatically integrated into certain apps, providing an instant security enhancement against “tapjacking,” a tactic where malicious apps utilize hidden layers to hijack clicks for ad fraud.
Looking ahead
Our foremost priority remains the establishment of Google Play and Android as the most trusted app ecosystems for all users. This year, we will continue to invest in AI-driven defenses to stay ahead of emerging threats while equipping Android developers with the necessary tools to build apps safely. Our commitment to empowering developers who distribute their apps on Google Play will persist, focusing on embedding checks that facilitate compliant app development from the outset and offering guidance to proactively avoid policy violations prior to publication. Additionally, we will roll out Android developer verifications to hold bad actors accountable and prevent them from operating under the veil of anonymity.
We appreciate your participation in the Google Play and Android community as we collaboratively strive to create a safer app ecosystem.
