Google Unveils 2025 Android and Google Play Security Review, Highlighting AI-Powered Defenses
Google has released its comprehensive annual review of Android and Google Play security, detailing the extensive protection measures implemented to foster a trustworthy ecosystem with honest developers and compliant applications. The company emphasized its ongoing commitment to enhancing policies and safeguards to promote safe, high-quality apps while proactively thwarting malicious actors before they can inflict harm.
Key Statistics and Achievements from 2025
In a detailed blog post, Google shared significant data points underscoring its security efforts:
- In 2025, Google prevented over 1.75 million policy-violating apps from being published on Google Play and banned more than 80,000 bad developer accounts that attempted to distribute harmful applications.
- Google Play conducts over 10,000 safety checks on every app prior to publication, with continuous monitoring and re-evaluation after apps go live to ensure ongoing compliance.
- Anti-spam protections successfully blocked 160 million spam ratings and reviews last year, including both inflated and deflated reviews. These measures also prevented an average 0.5-star rating drop for apps targeted by review bombing, safeguarding users and developers from unhelpful feedback.
- Google Play Protect now scans over 350 billion Android apps daily, providing robust real-time security across the platform.
Expansion of Google Play Protect in 2025
Google Play Protect saw significant enhancements in 2025, particularly in fraud protection and scam prevention:
Enhanced Fraud Protection: This feature analyzes and automatically blocks the installation of apps that may abuse sensitive permissions to commit financial fraud. Triggered when users attempt to install apps from internet-sideloading sources like web browsers or messaging apps, it expanded from an initial pilot in Singapore to 185 markets, covering more than 2.8 billion Android devices. In 2025, it blocked 266 million risky installation attempts and protected users from 872,000 unique, high-risk applications.
In-Call Scam Protection: A new feature introduced to combat social engineering attacks during phone calls, this protection preemptively disables the ability to turn off Google Play Protect during calls. This prevents bad actors from tricking users into disabling their device's defenses to download malicious apps while on a call.
Tools for App Developers in 2025
Google provided developers with advanced tools to build safer applications and protect their businesses:
Building Safer Apps More Easily: Through Play Policy Insights in Android Studio, developers receive real-time feedback as they code, focusing on permissions and APIs that grant deep system access or handle personal data like location or photos. This helps developers meet policy requirements early, including prominent disclosures or usage declarations. Expanded pre-review checks in Play Console catch common rejection reasons, such as improper usage of credentials or broken privacy policy links, ensuring smoother and faster review processes.
Stronger Threat Detection with Play Integrity API: Apps and games make over 20 billion checks daily with the Play Integrity API to protect against abuse and unauthorized access. In 2025, Google added hardware-backed signals to make device spoofing harder and introduced new in-app prompts for users to fix issues like network errors without leaving the app. A beta feature for device recall helps developers identify repeat bad actors even after a device reset, all while maintaining user privacy.
Building Trust Through Developer Verification: Google is extending developer verification from Google Play to the broader Android ecosystem to ensure accountable identities behind every app. This legitimizes authentic developers and prevents bad actors from hiding behind anonymity. After an early access period, verification will open to all developers this year, with a dedicated account type for students and hobbyists allowing limited device distribution without full verification requirements.
Greater Security with Android 16: In the latest Android release, developers can protect users' private information, such as bank logins, with just one line of code. This feature is automatically integrated into certain apps to provide an instant security boost against "tapjacking," a tactic where malicious apps use hidden layers to steal clicks for ad fraud.
Google's Security Plan for 2026
Looking ahead to 2026, Google announced its continued focus on AI-driven defenses to stay ahead of emerging threats and equip Android developers with necessary tools for safe app building. The company will maintain its emphasis on embedding checks to help developers create compliant apps by design, offering guidance to avoid policy violations before publication. Additionally, Google plans to roll out Android developer verifications to hold bad actors accountable and prevent them from causing repeated harm through anonymity.
Google stated, "We're constantly improving our policies and protections to encourage safe, high-quality apps on Google Play and stop bad actors before they cause harm. As bad actors leverage AI to change their tactics and launch increasingly sophisticated attacks, we've deepened our investments in AI and real-time defenses over the last year to maintain the upper hand and stop these threats before they reach users."
