Android logo

Google says it removed over 700,000 bad or malicious apps from the Play Store in 2017, up 70% from 2016.

The company also says it banned over 100,000 developer accounts belonging to "bad actors" who tried "to create new accounts and attempt to publish yet another set of bad apps."

These numbers were published today in an end-of-year report authored by Andrew Ahn, Product Manager of Google Play.

Copycats, abusive apps, and PHAs

Ahn says most of the apps the company has taken off the Play Store were copycat apps mimicking more famous applications.

"Famous titles get a lot of search traffic for particular keywords, so the bad actors try to amass installs leveraging such traffic," Ahn explained.

He says Play Store engineers identified and removed over a quarter of million copycat apps in 2017. Ahn says miscreants used confusable Unicode characters (homograph attack) or hiding copycat app icons in a different locale to trick reviewers and end users alike.

The second most widespread category of abusive apps removed from the Play Store are apps containing inappropriate content such as pornography, extreme violence, hate, and illegal activities. Ahn says engineers removed tens of thousands of such apps last year.

Third, Google had a problem with PHAs —Potentially Harmful Applications— a term the company uses to describe apps carrying various types of malware.

Ahn says PHAs are generally very rare but claims that with the launch of the Google Play Protect service in mid-2017, Google has reduced the rate of PHA installations by a factor of 10 compared to 2016.

99% of malicious apps caught during the review process

Ahn also suggests the company identified even more malicious apps. He did not provide an exact number but only said that 99% of all the malicious Android apps Google identified last year were detected and rejected during the review process before anyone could install them.

The company credits improvements to its machine learning models and new detection models for malicious and abusive techniques. Google also admitted that some malicious apps will fall through the cracks and make it on the Play Store, as no review system is perfect.

Related Articles:

Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads

Google’s Android Apps Are No Longer Free for European Smartphone Makers

Google Accidentally Pushed Internal November 2018 Security Update to Pixel User

Trojanized App In Google Play Steals Bank Customers' Euros

Internal Chrome Page Shows All Google Interstitial Warnings