In a year-in-review announcement today, Google said Play Store app rejections went up 55 percent last year after the OS maker tightened up its app review process.
Similarly, stats for app suspensions also went up, by more than 66 percent, according to Google, which the company credited to its continued investment in "automated protections and human review processes that play critical roles in identifying and enforcing on bad apps."
One of the most significant roles in the automated systems cited by Google in identifying malware is the Google Play Protect service, which is currently included by default with the official Play Store app.
Google said this service now scans over 50 billion apps per day, and even goes as far as downloading and scanning every Android app it finds on the internet.
This includes apps hosted on third-party stores, a small detail that now helps Google show malware warnings to users when they download and attempt to install apps from outside the official Play Store.
Google's constant fight with malware has been well document across the years, with the Android OS maker sometimes losing the battle at certain periods of times --such as in the summer of 2017, when the Play Store had been invaded by malware droppers and banking trojans; and more recently in the fall of 2018, when adware-laced apps have run amok on the Play Store, infecting millions of users.
But Andrew Ahn, Product Manager for Google Play, says the company and the Play Store staff have been learning from all those past incidents.
Play Store's automated systems are now getting better and better at detecting threats, so much so that Google is now seeing clear patterns.
"We find that over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks," Ahn said. "When malicious developers are banned, they often create new accounts or buy developer accounts on the black market in order to come back to Google Play."
After observing this behavior throughout 2018, Ahn says the Play Store team has now improved its clustering and account matching technologies and is now detecting repeat offender accounts much faster, sometimes blocking malicious apps before they're even approved to be listed on the Play Store, stopping malicious developers before infecting even one user.
Nonetheless, some malicious apps will always get through, mainly because there has never existed a 100% unbeatable security system.
Related security coverage:
- Microsoft February Patch Tuesday fixes 77 security flaws, including IE zero-day
- Dirty Sock vulnerability lets attackers gain root access on Linux systems
- Microsoft: 70 percent of all security bugs are memory safety issues
- WordPress plugin flaw lets you take over entire sites
- New macOS security flaw lets malicious apps steal your Safari browsing history
- Researchers hide malware in Intel SGX enclaves
- Google wants to pay you $15,000 to improve cloud security TechRepublic
- KRACK attack: Here's how companies are responding CNET