Google has revealed that it blocked more than 1.75 million malicious or policy‑violating Android apps from reaching users through the Play Store in 2025, highlighting a major AI‑driven push to secure the mobile ecosystem against malware, fraud, and privacy abuse.
More than 80,000 “bad” developer accounts were also banned, cutting off repeat offenders who tried to push harmful apps into the store.
Google says the drop in malicious submissions compared to previous years shows that stronger, multi‑layered protections are discouraging attackers from even attempting to target the Play Store.
Every app submitted to Google Play now faces more than 10,000 automated and manual safety checks before going live, with continuous monitoring even after publication.
Google has integrated its latest generative AI models into the review pipeline, helping human reviewers detect complex and evolving malicious patterns that might otherwise slip past traditional rule‑based systems.
According to Google’s 2025 security update, over 1.75 million apps were rejected before publication on Google Play for violating policies on malware, financial fraud, hidden subscriptions, or misuse of user data.
These controls are enforced alongside stricter developer verification, mandatory pre‑review checks, and testing requirements, all designed to make it much harder for anonymous actors to abuse the platform.
Protecting privacy, ratings, and kids
Beyond blocking apps outright, Google says it stopped more than 255,000 apps from obtaining excessive access to sensitive user data in 2025, tightening how permissions are requested and used.
Tools like Play Policy Insights in Android Studio and the Data safety section in Play Console give developers real‑time guidance on privacy rules, so they can avoid violations while still in the coding and submission phase.
To preserve trust in app discovery, Google’s anti‑spam systems blocked around 160 million fake or abusive ratings and reviews, preventing review bombing campaigns from causing an average 0.5‑star drop in targeted apps.
Google has also rolled out new protections for children and families, adding extra policy layers that prevent younger users from discovering or installing apps tied to high‑risk categories such as gambling or dating.
This builds on earlier age‑assurance and family safety programs and is meant to ensure that content surfaced to kids on Google Play remains age‑appropriate and safer by design.
Together, these measures aim to reduce real‑world harm from deceptive apps while preserving a trustworthy app marketplace for both users and legitimate developers.security.
On the device side, Google Play Protect now scans more than 350 billion apps every day across the Android ecosystem, including apps installed from third‑party sources.
In 2025, its real‑time scanning capabilities detected over 27 million new malicious apps distributed outside the Play Store, warning users or blocking installations before those apps could execute harmful behavior.
Google stresses that users should keep Play Protect enabled to benefit from these continuous checks and real‑time threat intelligence.
To counter financial fraud via sideloaded apps, Google expanded Play Protect’s enhanced fraud protection from an initial pilot in Singapore to 185 markets, covering more than 2.8 billion Android devices.
This system blocked 266 million risky installation attempts and helped protect users from 872,000 unique high‑risk applications that abused sensitive permissions to commit scams.
A newer in‑call scam protection feature also prevents users from disabling Play Protect during live calls, shutting down a common social‑engineering tactic in which attackers pose as support agents and try to convince victims to turn off protections before installing a malicious app.
Google says developers made over 20 billion daily checks with the Play Integrity API in 2025 to verify app integrity and defend against abuse and unauthorized access.
New hardware‑backed signals and in‑app remediation prompts make it harder for attackers to spoof devices, while helping legitimate users quickly fix issues like network errors without leaving the app.
Developer verification is also being rolled out more broadly, with a new account type allowing students and hobbyists to distribute to a limited number of devices while still holding identities accountable.security.
Looking ahead, Google plans to keep investing in AI‑driven defenses, deeper developer verification, and privacy‑forward platform features in upcoming Android releases, including one‑line protections against threats like tapjacking in Android 16.
The company positions these steps as part of a long‑term strategy to make Google Play and Android “the most trusted app ecosystems,” by blocking malicious apps at scale while giving legitimate developers clearer paths to build secure, compliant software.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
