Google prevented more than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts that attempted to publish harmful apps in 2025. Developer verification, mandatory pre-review checks, and testing requirements in the Google Play ecosystem have reduced entry points for bad actors.
“User safety is at the core of everything we build. Over the years, we’ve introduced tools to help users stay safe and make informed app choices — from parental controls to data safety transparency and app badges. We continue to update our policies and protections to support safe, high-quality apps on Google Play and prevent harm,” Vijaya Kaza, VP and GM, App & Ecosystem Trust at Google, explained.
Google Play runs more than 10,000 safety checks on every app and continues to check and re-check apps after they are published.
AI-powered app review and data protection
In 2025, Google integrated generative AI models into its review process to help human reviewers find complex malicious patterns faster. It also prevented over 255,000 apps from gaining excessive access to sensitive user data. Tools such as Play Policy Insights in Android Studio and the Data safety section support developers in minimizing privacy-sensitive permission requests and prioritizing users in design choices.
Anti-spam protections blocked 160 million fake or manipulated ratings and reviews last year, including efforts that could inflate or deflate reviews and harm trust.
By expanding Google Play Protect, the company strengthened protections across the Android ecosystem. Play Protect scans more than 350 billion Android apps daily and identified over 27 million new malicious apps from outside Google Play, warning users or blocking installation to neutralize threats.
Enhanced fraud protection analyzes apps being installed from internet sideloading sources and blocks installations that could misuse sensitive permissions to commit financial fraud. In 2025, this protection blocked 266 million risky installation attempts and helped protect users from 872,000 unique high-risk applications.
To address social engineering attacks during phone calls, Google introduced in-call scam protection. This feature prevents users from disabling Google Play Protect during a call, stopping attackers from tricking them into disabling defenses to install malicious apps.
Tools and protections for developers
Google introduced new tools and processes that support developers and protect their businesses.
Play Policy Insights in Android Studio gives developers real-time feedback as they code, focusing on sensitive permissions and related APIs to help meet policy requirements. Expanded pre-review checks in Play Console flag common issues such as improper credential usage and broken privacy policy links before submission.
Apps and games perform more than 20 billion daily checks using the Play Integrity API to prevent abuse and unauthorized access. In 2025, hardware-backed signals made it harder to spoof devices. New in-app prompts help users fix issues like network errors without leaving the app. Google also launched device recall in beta, helping developers identify repeat abusive actors even after a device reset.
Developer verification supports legitimate developers and limits repeat abuse. After early access feedback, Google will open verification to all developers this year, including a dedicated account type for students and hobbyists with limited distribution.
In Android 16, developers can protect sensitive data, such as bank logins, with one line of code. This protection is also enabled by default for certain apps to guard against tapjacking, where malicious overlays capture user input.
In 2026, Google plans to expand AI-driven defenses to help developers build secure apps.
