Google just released a security update on its Android blog in which it reveals how it fought bad apps this year, revealing it combined new machine learning models and techniques on top of actual humans monitoring app submissions. The company said it was able to remove some 700,000 fraudulent or malicious apps, both before and after they reached actual consumers. That’s a new record for the company, marking a 70% increase compared to last year.
That sounds great until you realize that some 700,000 apps with malicious intentions were submitted to the Google Play store in 2017 alone. That’s incredibly sad but also scary.
Google’s achievement is definitely a win for the company. Removing more than 700,000 apps that violated the Google Play store policies is impressive. But let’s look at all the numbers Google presented:
In 2017, we took down more than 700,000 apps that violated the Google Play policies, 70% more than the apps taken down in 2016. Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99% of apps with abusive contents were identified and rejected before anyone could install them.
So that means more than 7,000 apps managed to bypass Google’s safety measures, sneaking into the Play store. Currently, there are some 3.5 million apps available in the Play Store, according to December 2017 estimates.
Google said it discovered some 250,000 apps that were just copycats, looking to deceive users into installing fraudulent applications. Tens of thousands of apps featured inappropriate content, including pornography, extreme violence, hate, and illegal activities.
An unspecified number of malware apps were also discovered and killed. These apps would commit SMS fraud, act as trojans, and attempt to phish user data. Google says the annual number of malware app installs was 50% lower last year than in 2016, without specifying actual numbers.
One other disturbing detail presented in the blog post is that Google was able to take down some 100,000 bad developers last year alone:
We’ve also developed new detection models and techniques that can identify repeat offenders and abusive developer networks at scale. This resulted in taking down of 100,000 bad developers in 2017 and made it more difficult for bad actors to create new accounts and attempt to publish yet another set of bad apps.
Again, that’s great news. But it’s also unfortunate to hear how many people would be willing to create apps that violate Google’s terms of service. At least 100,000 developers out there would rather resort to creating some sort of malicious app to take advantage of Android users rather than come up with application ideas that would generate revenue. That’s a problem that Google’s Android created.
After all these years of Android, Google managed to significantly improve the security of its devices and the Play store, and that’s commendable. But Google is also responsible for this wave of Android crime if you will. Rather than boosting security features that fend off questionable apps, maybe Google should transform Android into a platform that’s not that easy to take advantage of. After all, if Google is willing to copy Apple’s hardware playbook, it can certainly take inspiration from Apple’s way of handling iOS and the App Store. Maybe not for Android as it is today, but for Fuchsia OS that’s going to replace it soon.
I will also add that Apple never shares similar reports. We have no idea how many apps Apple turned down this year, and how many malicious apps made it into the App Store. But Apple’s numbers probably can’t be compared to Google’s record.