
App developers in the Android ecosystem can breathe a little easier knowing that Google is doubling down on platform security.
Suzanne Frey – VP, Product, Trust & Growth for Android & Play at Google – has outlined a series of enhancements designed to make it simpler for developers to create secure apps while simultaneously fortifying the protection of the Google Play Store for millions of users worldwide.
“Knowing that you’re building on a safe, secure ecosystem is essential for any app developer. We continuously invest in protecting Android and Google Play, so millions of users around the world can trust the apps they download and you can build thriving businesses,” Frey stated.
“We’re dedicated to continually improving our developer tools to make world-class security even easier to implement.”
Over the past few years, Google has been working in partnership with developers to establish Google Play as a highly secure platform for both creators and end-users. This collaboration has already yielded significant improvements, including:
- Enhanced tools to “safeguard your business from scams and fraud”
- “Pre-review checks” to identify policy and compatibility issues early in the development cycle
- The provision of “helpful and transparent information on Google Play to build consumer trust”
- Strengthening threat-detection capabilities “with Google’s advanced AI to keep bad actors out of our ecosystem”
Looking ahead to 2025 and beyond, Google is focusing on two key areas: streamlining the process of building secure apps from the outset and further enhancing the overall security of the Android ecosystem.
Making secure app development easier from the start
Google Play’s policies play a crucial role in maintaining a safe environment for everyone. The Play Console’s pre-review checks have proven invaluable in helping developers address certain policy and compatibility issues before submitting their apps for formal review. Recent additions include checks for privacy policy links and login credential requirements, with even more pre-review checks slated for launch this year to help developers sidestep common policy issues.
To proactively address potential policy complications, Google has begun notifying developers about relevant policies earlier in the development process, directly within Android Studio. While initial notifications covered a few key policy areas, this year will see an expansion to encompass a much wider range of policies.
Responding to developer feedback, Google has revamped its policy experience to provide “clearer updates, more time for substantial changes, more flexible requirements while still maintaining safety standards, and more helpful information with live Q&A’s.”
A new communication method will soon be trialled within the Play Console to deliver information precisely when developers need it most. This year will also see further investment in gathering developer feedback, improving understanding of policies and the Policy Centre, and facilitating issue resolution before app submission through new features in both the Console and Android Studio.
The popular Google Play Developer Help Community, which attracted 2.7 million visits last year, is also set for expansion. This resource provides a platform for developers to find answers to policy questions, share knowledge, and connect with their peers. Plans are in place to extend the community’s reach by including more languages.
Protecting businesses, users, and children
The Play Integrity API is a vital tool in safeguarding businesses from various forms of abuse, including fraud, bots, cheating, and data theft. Developers are already leveraging these APIs to conduct over 500 million daily checks for potentially fraudulent or risky behaviour.
The recently introduced app access risk detection within the Play Integrity API is also processing over 500 million daily checks. According to Google, apps utilising Play Integrity features are experiencing an average of 80% less usage from unverified and untrusted sources.
Google is committed to further enhancing the Play Integrity API this year, providing even stronger protection for a broader user base.
Recent improvements to the underlying technology for devices running Android 13 (API level 33) and above have resulted in a faster, more reliable, and more privacy-preserving experience for users.
Enhanced security signals have also been launched to aid Android developers in assessing the trustworthiness of the environment in which their app is running. These improvements will be automatically rolled out to all developers using the API in May, with an option to opt in and start using the enhanced verdicts immediately.
Future enhancements planned for later this year include new features to help combat emerging threats, such as the ability to re-identify abusive and risky devices while preserving user privacy. Additionally, Google is developing more tools to guide users in resolving issues, for example, by prompting them to install a security update, or prompting them if they are using a modified version of an app.
For apps within specific categories, Google offers badges that provide an additional layer of validation, connecting users with safe, high-quality, and useful experiences.
Building on the success of last year’s “Government” badge, which helps users identify official government applications, a new “Verified” badge has been introduced this year for VPN apps that demonstrate a strong commitment to security. Google intends to expand this initiative by adding badges to more app categories in the future.
Recognising the added responsibility when apps are designed for or appeal to children, Google is committed to partnering with developers to ensure a safe and trusted online experience for younger users, protect their privacy, and empower families.
In addition to existing programmes like Google Play’s Teacher Approved programme, Families policies, and tools such as the Restrict Declared Minors setting within the Google Play Console, Google is developing new tools like the Credential Manager API, currently in Beta for Digital IDs.
Bolstering the security of the wider Android ecosystem
Google’s commitment to improving security extends beyond the Play Store to encompass the broader Android ecosystem.
According to Google, investments last year in stronger privacy policies, AI-powered threat detection, and other security measures prevented 2.36 million policy-violating apps from being published on Google Play.
“Our most recent analysis found over 50 times more Android malware from Internet-sideloaded sources than on Google Play,” Frey highlighted.
This year, Google is actively working on making it even more challenging for malicious actors to conceal themselves or trick users into installing harmful applications. These efforts will not only protect developers’ businesses from fraud but also instil greater confidence in users when downloading apps.
Meanwhile, Google Play Protect is continuously evolving to tackle new threats and safeguard users from harmful apps that can lead to scams and fraud. Given its critical role in user safety, Google is taking further steps to prevent scammers from socially engineering users into disabling this protection.
Firstly, Google Play Protect’s live threat detection is extending its protection to target malicious applications that attempt to mimic banking apps. Secondly, the enhanced financial fraud protection trial, which saw success in selected countries where malware-based financial fraud from sources outside of Google Play was prevalent, is planned for expansion to additional countries with similar high levels of threat.
Google is also collaborating with industry leaders to protect all users, regardless of the device they use or where they download their apps.
As a founding member of the App Defense Alliance (ADA), Google is working to establish and promote industry-wide security standards for mobile and web applications, as well as cloud configurations. Recently, the ADA launched Application Security Assessments (ASA) v1.0, providing clear guidance to developers on protecting sensitive data and preventing cyber attacks, ultimately boosting user trust.