To better protect Android users from malicious apps, Google plans to more strongly vet new developers who want to publish in the Google Play store.
Reviews will take “days, not weeks” for developers who don’t have a track record with Google, the company estimates. “While the vast majority of developers on Android are well-meaning, some accounts are suspended for serious, repeated violation of policies that protect our shared users,” the Android team said in a blog post.
One of the best ways to avoid Android malware is to only download apps from the official Google Play store, where every app is scanned for potential threats. Last year, only 0.08 percent of devices that used Google Play exclusively for app downloads were affected by potentially harmful applications.
When malware does slip in, it can occur through scammers or hackers using a developer account to publish dummy apps rigged to exploit your smartphone. According to Google, the bad actors behind these schemes are often repeat offenders; once caught, they’ll attempt to infiltrate the store again by either starting a new developer account or buying one from a legitimate developer.
In response, Google has been using computer algorithms and human review teams to find developer accounts that might be up to no good. If violations are found, the account will then be suspended. “While 99%+ of these [past] suspension decisions are correct, we are also very sensitive to how impactful it can be if your account has been disabled in error,” the Android team wrote.
As a result, the company is extending review times to ensure thoroughness in the vetting, and to also reduce the likelihood a developer account will be mistakenly suspended. To prevent hackers and scammers from gaming the system, Google declined to offer specifics on how the vetting will occur. But the company does use human teams, not bots, to decide when a developer’s account should be suspended.
The extra scrutiny may annoy legitimate developers. According to Monday’s blog post, some app makers have complained that Google can take too long to answer questions about whether their mobile app meets the company’s policy requirements. Others have come under the mistaken impression that the whole app review process is automated, with no human involvement at all.
However, Google says the extra scrutiny is a necessary trade-off in light of the public’s growing concern with digital privacy. “Users want more control and transparency over how their personal information is being used by applications, and expect Android, as the platform, to do more to provide that control and transparency,” the Android team said.
Last October, Google announced that it would begin restricting Android apps from accessing call logs and SMS data on users' phones. Aside from certain backup and voice mail programs, only apps that have been selected as the default for making phone calls or sending text messages can gain access to the data.
On Monday, Google said many developers initially “expressed frustration” with the call log and SMS data restriction. However, the company managed to work with developers to find alternatives when possible.
“As a result, today, the number of apps with access to this sensitive information has decreased by more than 98 percent. The vast majority of these were able to switch to an alternative or eliminate minor functionality,” the company added.