Google has outlined its 2025 security measures aimed at keeping the Android and Play ecosystem protected from malware, financial fraud, hidden subscriptions, privacy misuse, and spam activity.
The company says it expanded AI-based review systems, strengthened real-time protections, and tightened developer verification to reduce risks before apps reach users.
The updates apply across Google Play, device-level safeguards through Google Play Protect, and platform-level protections in Android.
App review and enforcement in 2025
Google reported the following actions in 2025:
- 1.75 million+ policy-violating apps prevented from being published on Google Play
- 80,000+ developer accounts banned for attempting to publish harmful apps
Every app submitted to Google Play undergoes more than 10,000 safety checks before publication. Apps continue to be reviewed after they go live.
Entry barriers were increased through:
- Developer verification
- Mandatory pre-review checks
- Testing requirements
AI integration and privacy enforcement
AI-enhanced detection
Google integrated its latest generative AI models into the Play review process to help human reviewers detect complex malicious patterns more efficiently.
Sensitive data protection
In 2025:
- 255,000+ apps were prevented from gaining excessive access to sensitive user data
- Privacy policies were strengthened
Developers are supported through tools such as Play Policy Insights in Android Studio and the Data Safety section to minimize unnecessary permission requests and improve transparency.
Ratings and review integrity
To address manipulation:
- 160 million spam ratings and reviews were blocked
- An average 0.5-star rating drop was prevented for apps targeted by review bombing
These measures aim to maintain accurate app ratings and reduce artificial inflation or deflation.
Protections for kids and families
Additional safeguards were introduced to prevent younger users from discovering or downloading apps involving gambling or dating activities. These measures build on existing parental control and family policy frameworks.
Google Play Protect expansion
Google Play Protect, Android’s built-in malware defense, now scans over 350 billion apps daily, including apps installed from outside Google Play.
In the past year:
- More than 27 million new malicious apps from outside Google Play were identified
- Users were warned or installations were blocked in real time
Google advises users to keep Play Protect enabled for continued protection.
Enhanced fraud and scam protections
Fraud protection across 185 markets
Enhanced fraud protection was expanded to 185 markets, covering over 2.8 billion Android devices.
In 2025, the system:
- Blocked 266 million risky installation attempts
- Protected users from 872,000 unique high-risk applications
This feature activates when apps are installed from internet-sideloading sources such as browsers or messaging apps and request sensitive permissions.
In-call scam protection
A new in-call safeguard prevents users from disabling Google Play Protect during phone calls. This measure is designed to counter social engineering attempts that encourage users to turn off security protections while installing malicious apps.
Developer-focused security tools
Play Policy Insights and pre-review checks
Play Policy Insights in Android Studio provides real-time guidance while developers write code, especially when handling permissions or APIs related to personal data such as location or photos.
Expanded pre-review checks in Play Console help detect common rejection issues, including improper credential usage and broken privacy policy links.
Play Integrity API updates
Apps and games make over 20 billion daily checks using the Play Integrity API.
New 2025 additions include:
- Hardware-backed security signals to reduce device spoofing
- In-app prompts to resolve issues such as network errors
- Device recall (beta) to help identify repeat abuse even after a device reset
Developer verification rollout
Developer verification, previously strengthened on Google Play, will expand across the broader Android ecosystem. The goal is to ensure each app is associated with a verified identity. A dedicated account type for students and hobbyists will allow limited app distribution without full verification requirements.
Android 16 security update
With Android 16, developers can protect sensitive information such as banking credentials using minimal code implementation. The update includes built-in protection against tapjacking attacks, where malicious apps use hidden overlays to capture user taps.
Outlook
Google states that it will continue investing in AI-driven detection systems, developer compliance tools, and verification processes to reduce abuse across the Android ecosystem. Future efforts will focus on embedding policy checks directly into development workflows and expanding identity verification to limit repeat harmful activity.