
Google says it removed over 700,000 bad or malicious apps from the Play Store in 2017, up 70% from 2016.
The company also says it banned over 100,000 developer accounts belonging to "bad actors" who tried "to create new accounts and attempt to publish yet another set of bad apps."
These numbers were published today in an end-of-year report authored by Andrew Ahn, Product Manager of Google Play.
Copycats, abusive apps, and PHAs
Ahn says most of the apps the company has taken off the Play Store were copycat apps mimicking more famous applications.
"Famous titles get a lot of search traffic for particular keywords, so the bad actors try to amass installs leveraging such traffic," Ahn explained.
He says Play Store engineers identified and removed over a quarter of a million copycat apps in 2017. Ahn says miscreants used confusable Unicode characters (a homograph attack) or hid copycat app icons in a different locale to trick reviewers and end users alike.
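A reviewer-side check for the confusable-character trick described above, as an added example that is not taken from Google's report or its review pipeline. The confusables table, the protected-title list and the function names are all constructed for illustration; a real check would use the full Unicode confusables data.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption for this example).
# A real reviewer tool would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0455": "s", "\u0456": "i", "\u0445": "x",  # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u0131": "i",                 # Greek, dotless i
}
PROTECTED_TITLES = ["WhatsApp", "Spotify"]  # constructed sample list


def skeleton(title):
    """Comparison key: decompose, casefold, drop marks/invisibles, map confusables."""
    out = []
    for ch in unicodedata.normalize("NFKD", title).casefold():
        if unicodedata.category(ch) in ("Mn", "Cf"):  # accents, zero-width chars
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def scripts(title):
    """Rough script set taken from the first word of each letter's Unicode name."""
    text = unicodedata.normalize("NFKD", title)
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def check_title(title, protected=PROTECTED_TITLES):
    """Return (verdict, brand) for a submitted app title."""
    for brand in protected:
        if title == brand:
            return ("exact", brand)      # same string: publisher identity decides
        if skeleton(title) == skeleton(brand):
            return ("lookalike", brand)  # same key, different code points
    if len(scripts(title)) > 1:
        return ("mixed-script", None)    # heuristic: send to manual review
    return ("ok", None)


if __name__ == "__main__":
    samples = ["Wh\u0430ts\u0410pp", "Spotify\u200b", "Sp\u03bftify",
               "Weather Pr\u043e", "\u041f\u043e\u0433\u043e\u0434\u0430"]
    for s in samples:  # constructed titles
        print(ascii(s), check_title(s))
```

The mixed-script rule is only a triage heuristic: titles that legitimately combine scripts would also be flagged, so it should route to manual review rather than reject.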
The second most widespread category of abusive apps removed from the Play Store is apps containing inappropriate content such as pornography, extreme violence, hate, and illegal activities. Ahn says engineers removed tens of thousands of such apps last year.
Third, Google had a problem with PHAs (Potentially Harmful Applications), a term the company uses to describe apps carrying various types of malware.
Ahn says PHAs are generally very rare but claims that with the launch of the Google Play Protect service in mid-2017, Google has reduced the rate of PHA installations by a factor of 10 compared to 2016.
99% of malicious apps caught during the review process
Ahn also suggests the company identified even more malicious apps. He did not provide an exact number but only said that 99% of all the malicious Android apps Google identified last year were detected and rejected during the review process before anyone could install them.
The company credits improvements to its machine learning models and new detection models for malicious and abusive techniques. Google also admitted that some malicious apps will fall through the cracks and make it onto the Play Store, as no review system is perfect.
Comments
NickAu - 4 years ago
That's a joke, 700 000. I feel sorry for the people who got infected. It's high time these companies started to pay for their incompetence.
Occasional - 4 years ago
"...pay for their incompetence"? I'd say Google got paid, for a strategy of amassing sheer number of apps, through minimal vetting. Look at reviews, from several years back, of Microsoft Store; you'll almost always see paltry numbers of apps, compared to Google Play, as a negative for MS (leaving out the fact that MS vetting was much tighter).
f2technologyuae - 4 years ago
It is good for Google Play users. They get filtered apps instead of any unuseful apps, which waste the time of users.
Occasional - 4 years ago
The Unicode ploy goes back more than a decade. Saw it with website registration (worked at the time). You could find a character in an obscure alphabet that looked nearly identical to one in the Roman alphabet - but resolved to a different Unicode. That way you could register micro(s)oft.com, if you swapped the 's' for something that looked very much like an 's'.