NewApp Digest
search bot

Google Play Protect

Dangerous "NoVoice" malware found in over 50 Play Store apps that were installed 2.3 million times
AppWizard
April 6, 2026

Dangerous “NoVoice” malware found in over 50 Play Store apps that were installed 2.3 million times

A new malware threat called "NoVoice" has been found in over 50 applications on the Google Play Store, with 2.3 million installations on Android devices. Discovered by McAfee, this malware is hidden in seemingly harmless apps like system cleaners, games, and image galleries. It exploits Android vulnerabilities to gain root access, potentially allowing attackers to steal sensitive information and manipulate applications without user consent. In some cases, it may persist even after a factory reset. Google has stated that Android devices updated since May 2021 are protected against this threat and that Google Play Protect actively removes malicious apps and blocks new installations. The malware was not able to infect devices in Beijing and Shenzhen, suggesting the attackers may be avoiding local law enforcement. One identified app carrying the NoVoice payload is SwiftClean, developed by Biodun Popoola. The malware operates using a silent audio file, executing its code without user detection. Users are advised to download apps only from the Google Play Store and keep their devices updated.
2.3 Million Users Affected by New Android Malware Hid in 50 Google Play Apps
AppWizard
April 3, 2026

2.3 Million Users Affected by New Android Malware Hid in 50 Google Play Apps

Google has imposed strict restrictions on sideloading applications on Android devices due to concerns about risks from external sources. A new malware named NoVoice has been discovered on Google Play, embedded in over 50 applications with at least 2.3 million downloads, potentially compromising that many devices. The malware seeks root access by exploiting vulnerabilities in older Android versions and can steal sensitive data and install/remove apps without consent. It is difficult to remove, as it installs recovery scripts that survive factory resets. However, Google has stated that devices updated since May 2021 are protected against this threat, and Google Play Protect removes these apps and blocks new installs. Users with devices updated after May 2021 are considered safe, while those with infected apps should consider their devices compromised.
Google Responds As 50 Apps With 2 Million Downloads Hit By Malware
AppWizard
April 3, 2026

Google Responds As 50 Apps With 2 Million Downloads Hit By Malware

Researchers at McAfee Labs discovered that 50 Android applications on the Google Play Store contain malware known as NoVoice, which can grant full remote access to infected smartphones. These apps have over 2.3 million downloads. The malware can communicate with remote servers, profile devices, and download tailored root exploits, potentially compromising specific hardware and software configurations. However, devices with an Android security patch level of May 2021 or later are not vulnerable to these exploits, as the vulnerabilities were patched by Android between 2016 and 2021. Google Play Protect removes these apps and blocks new installs, and users are advised to keep their devices updated with the latest security patches.
Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
AppWizard
March 16, 2026

Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services

Android 17 has introduced Advanced Protection Mode (AAPM) to enhance user security by preventing non-accessibility applications from using the Accessibility API, which has been exploited by malware. AAPM allows only verified accessibility tools to utilize the API and implements stricter security settings, including blocking installations from unknown sources, limiting USB data access, and mandating Google Play Protect scans. Applications must declare themselves as accessibility tools with the attribute isAccessibilityTool="true" to use the Accessibility Services API. Additionally, Android 17 features a new contacts picker that allows applications to request access to specific contact fields instead of the entire address book, enhancing user privacy.
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
AppWizard
March 16, 2026

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is piloting a security enhancement in its Android Advanced Protection Mode (AAPM) that restricts certain applications from using the accessibility services API. This update is part of Android 17 Beta 2. AAPM, introduced in Android 16, enhances device security by blocking app installations from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning. Developers can integrate with AAPM through the AdvancedProtectionManager API to adapt their apps based on the security mode's status. The new restriction prevents non-accessibility apps from accessing the accessibility services API, allowing only verified accessibility tools like screen readers and voice-based input tools. Non-accessibility apps, including antivirus software and password managers, will have their access revoked when AAPM is activated, and users cannot grant permissions to these apps unless AAPM is disabled. Additionally, Android 17 introduces a new contacts picker feature that allows developers to specify which fields to access from a user's contact list, providing more granular control over data access.
Researchers Discover First Android Malware Using Generative AI for Persistence
Tech Optimizer
February 22, 2026

Researchers Discover First Android Malware Using Generative AI for Persistence

Security researchers have identified a new Android Trojan named PromptSpy that uses generative AI technology to enhance its persistence on compromised devices. Discovered by ESET researchers, PromptSpy leverages Google's Gemini AI model to analyze infected device screens and generate tailored instructions for embedding itself within recent apps lists. It includes a Virtual Network Computing (VNC) module that allows attackers full remote control over the device, enabling activities such as viewing the screen, performing actions remotely, capturing lock screen data, blocking uninstallation attempts, gathering device information, taking screenshots, and recording screen activity as video. The malware communicates with command-and-control servers using AES encryption and exploits Android Accessibility Services, making it difficult to remove. PromptSpy is distributed through a dedicated website and is financially motivated, adapting to various Android interfaces and operating system versions. ESET's analysis indicates that the malware is regionally targeted, with a focus on Argentina, and may have been developed in a Chinese-speaking environment. The same threat actor is believed to be responsible for both VNCSpy and PromptSpy.
Google says its AI systems helped deter Play Store malware in 2025
AppWizard
February 20, 2026

Google says its AI systems helped deter Play Store malware in 2025

Google reported a decrease in malicious apps targeting its Google Play platform, preventing 1.75 million policy-violating apps from being published in 2025, down from 2.36 million in 2024 and 2.28 million in 2023. The company banned over 80,000 developer accounts in 2025 for attempting to publish harmful apps, a decrease from 158,000 in 2024 and 333,000 in 2023. Google conducts over 10,000 safety checks on every app before publication and has integrated generative AI models into the app review process. The company prevented more than 255,000 apps from gaining excessive access to sensitive user information, down from 1.3 million in 2024, and blocked 160 million spam ratings and reviews. Additionally, Google Play Protect identified over 27 million new malicious apps, an increase from 13 million in 2024 and five million in 2023.
Search