Google Zapped 700,000 Bad Play Store Apps in 2017

Last July, Google rolled out a new mobile security platform to keep Android devices, data and apps safe. One feature enables users to run a safety check on apps from the Play Store to ferret out malicious downloads.

By any measure, it’s a welcome addition -- there are lots of bad mobile apps to stamp out. Even though Google has regularly reinforced its ability to squash harmful Play Store apps, the buggers keep coming, often luring millions of downloads before the axes hit them. In fact, Google took down more than 700,000 apps in 2017 that “violated the Google Play policies,” roughly 70 percent more than it had dismantled the year prior, the search giant said late last week.

Obviously, those are big numbers. As with mosquitoes, the danger isn't in the volume of nasty apps but rather in the potent few that quickly attract massive downloads to spread infections wildly. Google hopes that its mobile security suite will help immunize users from the bad app plague. It appears to be making some progress in that direction.

“Not only did we remove more bad apps, we were able to identify and action against them earlier,” Andrew Ahn, Google Play product manager, wrote in a blog post. To Google, bad apps are harmful impersonators of popular, legitimate code such as WhatsApp and Pokemon GO, apps with inappropriate content, or apps that phish for personal credentials, act as trojans or conduct SMS fraud.

Ahn attributed the improved detective work to Google's new machine learning models that are more adept at finding bummer apps. The tweaked algorithms evidently can also finger “repeat offenders and abusive developers at scale.” He said Google zapped 100,000 bad developers last year. Presumably by bad developers he means those making and planting injurious code.

Of the 700,000 apps Google clubbed into submission last year, about 250,000 were so-called impersonators masquerading as famous apps to trick downloaders into clicking on them. In addition, “tens of thousands of apps” with inappropriate content were foiled, while Google knocked down the install rates of potentially harmful apps by 20 percent year-over-year, according to Ahn.

Despite the lofty numbers and the enhanced detection capabilities, Ahn admitted that some bad apps “still manage to evade and trick our layers of defense.” Indeed, among the smaller impact nasties were a couple of whoppers. For instance, last May, security provider Check Point’s researchers discovered auto-click adware called ‘Judy’ on Google Play, planted in about 41 apps that reached 4.5 million to 18.5 million downloads. A few months later, Check Point also discovered a new strain of Android malware called ‘ExpensiveWall’ skulking around in about 50 apps that had been downloaded between 1 million and 4.2 million times.

“We take these extremely seriously, and will continue to innovate our capabilities to better detect and protect against abusive apps and the malicious actors behind them,” Ahn wrote.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.