Google has updated its Play Protect functionality, implementing new safety measures, including disabling app scanning during phone and video calls to combat social engineering attacks.
Changes to Google Play Protect
In 2024, Google Play Protect scanned over 200 billion apps every day, up from 125 billion in 2023. Real-time scanning has identified over 13 million new malicious apps from outside Google Play this year.
The “Scan apps with Play Protect” toggle will remain enabled during phone calls, or voice and video calls in popular third-party apps. This change aims to prevent scammers from manipulating users into disabling Play Protect during calls to download malicious apps from the Internet. Google’s interface warns: “If you’re asked to turn off app scanning, it may be a scam to try installing harmful apps on your device.”
Additionally, Chrome for Android will prompt users to re-enable Play Protect if it has been turned off.
More than 95 percent of installations from major malware families that exploit sensitive permissions highly correlated to financial fraud stem from Internet-sideloading sources like web browsers, messaging apps, or file managers, according to Google’s research.
Google has expanded its enhanced fraud protection pilot to countries including Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.
Google Play Protect will now automatically revoke permissions for potentially harmful apps, limiting their access to sensitive data like storage, photos, and camera. Users can restore app permissions at any time, though a confirmation step will be required for added security.
Additional 2024 safety statistics highlighted by Google include: preventing 2.36 million policy-violating apps from being published on Google Play, banning more than 158,000 developer accounts attempting to publish harmful apps, and blocking 1.3 million apps from gaining excessive access to sensitive user data. Moreover, over 91% of app installs on Google Play now utilize protections from Android 13 or newer.
Apps employing Play integrity features report 80% lower usage from unverified and untrusted sources on average. Google Play Protect’s enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts across more than 200,000 unique apps.
Google stated its commitment: “We’re sharing how we kept Google Play safe from bad apps in 2024. In 2024, we continued to invest in more ways to protect our community and fight bad actors, so billions of people can trust the apps they download from Google Play and millions of developers can build thriving businesses.”
Play Protect scans all apps, including sideloaded ones, and can block or disable harmful apps based on severity. If Google identifies a harmful app, it removes it from the Play Store and alerts users if they have it installed on their device.
To further enhance security, Play Protect will also check that apps originated from the Play Store and verify they have not been tampered with. App developers can begin restricting full app functionality to devices running Android 13 or newer starting next month.
Featured image credit: Pawel Czerwinski/Unsplash
