Summary Google blocked 2.36 million apps and 158,000 developer accounts to maintain Play Store safety in 2024.

1.3 million apps had access to unnecessary permissions, curtailed by Google.

Play Protect flagged 13 million new apps outside Google Play, ensuring user safety.

Google is the guardian of the Android ecosystem, and it has considerable leverage on the hardware created for Android, as well as the software ecosystem as well. As a result, all our favorite Android apps also fall under its purview, especially from a safety standpoint. While Android allows sideloading any app no matter its origin, the Play Store is what most users turn to, and maintaining safety standards for apps listed there is a critical responsibility. We might not realize how much the company does, but Google's latest report shines a light on Play Store safety.

A bad app can be anything from one that doesn't target the latest API levels, or one with outright credential-stealing, user-harming, malicious intent. Telling the difference at scale is challenging, like we saw in 2023 when Google fended off 2.28 million such apps. This year is no different, and the company prevented a whopping 2.36 million apps and over 158,000 developer accounts from potentially sullying the Play Store's reputation as a haven for good apps.

Multiple layers of security to keep millions of users safe

Diving into the details with Play Protect

Source: Google

Access to sensitive device permissions is the root cause of most exploits, so this year, Google joined forces with developers to curtail access to these permissions. In 2024, it prevented 1.3 million apps from accessing unnecessary permissions that would lead to user data. This was possible through automatic permission withdrawal for unused apps and new dev requirements for user data handling, paired with an option for users to request data deletion from apps that collect info.

To safeguard against fraud, bots, and data theft, Google relies on Play Integrity APIs and the related automatic protection. This led to 80% lower usage stemming from unverified and untrusted sources of the apps using said API. The SAFE principles that stood guard last year also helped out this year by tracking several data points for the listed apps, but Play Protect was the star of the show, flagging a colossal 13 million new apps from outside Google Play, through real time scanning on Android devices.

Most of these apps come from third-party sources besides the Play Store, and the search titan now uses Play Protect to block sideloading attempts of apps that use scammer-favorite sensitive permissions. This is a pilot project already operating in nine regions — Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam. In 2024, it stopped 200,000 unique apps from wreaking havoc on 10 million devices by blocking 36 million dangerous installations.

Close

Google says Play Protect scans 200 billion apps every day, and scammers could bait users into manipulating on-device settings when calling victims, so a dangerous app can bypass these safeties. To protect against such social engineering attacks, Google now disables the Play Protect toggles when you're on a voice or video call, even via popular social apps. Such features can be the saving grace for users who may not be abreast with the ever-evolving modus operandi of bad actors.

Despite these precautionary checks and verification, reports about dangerous apps and malware-laced apps still surface, and we've had our fair share of them in the past year. So, we suggest you still exercise caution when installing apps on your devices, no matter the source you're downloading them from. Your diligence is the best safety measure at your disposal, especially when sideloading apps.