Google is rolling out a broad set of security measures aimed at protecting Android users from malicious apps, financial fraud, and social engineering scams — a move that signals the company’s growing urgency to address persistent vulnerabilities in its mobile platform. The changes, announced in a detailed update to the company’s security blog and covered extensively by Android Authority, touch everything from on-device malware scanning to new restrictions on app permissions during phone calls.
The announcements come at a time when Android’s open architecture continues to attract both legitimate developers and bad actors. Google said it blocked 2.36 million policy-violating apps from being published on Google Play in 2024 and banned more than 158,000 developer accounts that attempted to distribute harmful software. Those numbers, while impressive in scale, also underscore the sheer volume of threats the platform faces daily.
Google Play Protect Gets Sharper Teeth
At the center of Google’s updated defenses is Google Play Protect, the built-in security system that scans apps installed on Android devices. The company reported that Play Protect performed 10 billion scans per day in 2024, identifying 13 million new malicious apps originating from outside the Google Play Store. That figure highlights a critical reality: a significant portion of Android malware enters devices not through the official storefront but via sideloaded apps, third-party app stores, and links shared through messaging platforms.
Google is now expanding Play Protect’s on-device AI-powered threat detection to more regions and app categories. The system uses machine learning models that run locally on the device to detect apps that behave suspiciously — for instance, apps that attempt to harvest credentials or personal data after installation. According to Google’s announcement, the enhanced detection capabilities have already proven effective against apps that try to disguise their true functionality to evade traditional review processes.
New Barriers Against Financial Fraud Schemes
One of the most notable new protections targets a specific and growing category of fraud: scams that instruct victims to install apps or change device settings while on a phone call with the scammer. This social engineering technique has become increasingly common in financial fraud schemes, where criminals impersonate bank officials, government agents, or tech support representatives and walk victims through steps that compromise their devices.
Google is introducing protections that will prevent users from sideloading apps or granting sensitive accessibility permissions while a phone call is active. The feature is designed to interrupt the real-time manipulation that makes these scams so effective. As Android Authority reported, this call-based protection is being piloted in select markets and is expected to expand globally. The logic is straightforward: legitimate app installations and permission changes rarely need to happen during a live phone conversation, so blocking these actions during calls imposes minimal friction on ordinary users while creating a significant obstacle for fraudsters.
Tougher Screening for Developers and Apps Alike
Beyond the device-level protections, Google is also strengthening its review processes on the Play Store side. The company said it has improved its AI-assisted app review system, which now helps human reviewers catch policy violations more efficiently. In 2024, Google reported that more than 92% of human reviews for harmful apps were AI-assisted, allowing the company to take faster and more accurate enforcement action.
Developer identity verification is also getting tighter. Google has expanded its requirements for developers to verify their identity and provide a verifiable track record before their apps can be distributed widely on the Play Store. The company has been incrementally raising the bar for developer accounts over the past several years, and the latest round of changes continues that trajectory. The 158,000 banned developer accounts in 2024 represent a significant increase over prior years, suggesting both that enforcement is getting more aggressive and that the volume of fraudulent developer activity remains high.
The Sideloading Question Looms Large
Google’s emphasis on threats from outside the Play Store inevitably raises questions about sideloading — the practice of installing apps from sources other than the official storefront. Android has historically allowed sideloading as a feature of its open platform philosophy, distinguishing it from Apple’s more locked-down iOS approach. But the data Google is presenting makes a clear case that sideloaded apps represent a disproportionate security risk.
The 13 million new malicious apps detected outside of Google Play in 2024 dwarf the number caught within the store itself. Google has been careful not to frame its security updates as an argument against sideloading outright — doing so would alienate the developer community and potentially draw regulatory scrutiny in markets like the European Union, where app distribution choice is becoming a legal mandate. Instead, the company is positioning Play Protect as a safety net that works regardless of where an app comes from, scanning sideloaded apps with the same rigor as those downloaded from the Play Store.
Permissions Get a Fresh Look
Google is also refining how Android handles app permissions, particularly those that grant access to sensitive data like SMS messages, location, and accessibility services. Apps that request permissions beyond what is necessary for their core functionality will face greater scrutiny during the review process. Google has been tightening permission policies for years — it restricted SMS and call log access for most apps back in 2019 — but the latest changes focus on accessibility permissions, which have become a favored attack vector for malware developers.
Accessibility services, originally designed to help users with disabilities interact with their devices, can be exploited by malicious apps to read screen content, intercept notifications, and even perform actions on behalf of the user. Google said it is now applying stricter review criteria for apps requesting accessibility access and is limiting the circumstances under which such permissions can be granted to sideloaded apps. This is a delicate balancing act: overly restrictive policies could harm legitimate accessibility tools, while permissive ones leave the door open for abuse.
Industry Context and the Competitive Angle
Google’s security push does not exist in a vacuum. Apple has long marketed iOS as the more secure mobile platform, and the comparison has become a recurring theme in regulatory debates over app store competition. As governments in Europe, the United States, and Asia push for greater app distribution openness — effectively requiring platforms to allow sideloading and alternative app stores — the security argument becomes both more important and more politically charged.
Google appears to be threading a needle: demonstrating that it can maintain a secure platform without resorting to the kind of closed-system approach that Apple favors. The investments in on-device AI scanning, real-time threat detection, and fraud prevention during phone calls are all designed to show that security and openness can coexist. Whether regulators and consumers find that argument persuasive will depend largely on whether these measures translate into measurably fewer successful attacks on Android users.
What This Means for App Developers and Enterprise Users
For legitimate app developers, the tightening of review processes and permission policies means more hoops to jump through — but potentially also a cleaner marketplace in which to compete. Developers whose apps are flagged by automated systems may face delays in getting updates approved, a friction point that has been a persistent complaint in the developer community. Google has acknowledged this tension and says it is working to reduce false positives in its automated review systems.
Enterprise customers, meanwhile, stand to benefit from the enhanced Play Protect capabilities, particularly in industries like financial services and healthcare where mobile device security is a compliance requirement. Google’s ability to detect and neutralize threats on devices that are managed through its Android Enterprise program is a selling point in competition with Apple’s own enterprise offerings. The new protections announced this week add another layer to that pitch.
The Scale of the Problem Remains Staggering
Even with all these measures in place, the numbers tell a sobering story. Billions of scans per day, millions of malicious apps detected, hundreds of thousands of developer accounts banned — these figures reflect a platform that is under constant siege. Google’s response has been to invest heavily in automation and AI, recognizing that human review alone cannot keep pace with the volume of threats.
The question going forward is whether these defenses can stay ahead of attackers who are themselves adopting more sophisticated techniques, including AI-generated phishing content and polymorphic malware that changes its code to evade detection. Google has signaled that it views this as an ongoing arms race, not a problem that can be solved with a single set of policy changes. For the more than three billion active Android devices worldwide, the stakes could hardly be higher.