Everything changes for Play Store
NurPhoto via Getty Images
Updated July 20 with comments on the mass removal announcement and a new report of a serious Play Store issue not addressed by these changes.
Google is clearly on a mission to make Android more and more like the iPhone. We’ve seen several announcements of iPhone-like features in recent months, and Android 15 promises the most comprehensive set of privacy and security updates in a single release.
But one area where Android continues to outpace the iPhone is app security. Despite its best efforts, Google can’t seem to stop dangerous apps from making headlines in the Play Store. And while its excellent Google Play Protect does a great job of protecting many users, the threat is getting worse. But Google now seems more serious about fixing the problem once and for all.
ForbesSamsung confirms early update for millions of Galaxy users – coming in AugustBy Zak Doffman
Yes, Android 15 will enable real-time threat detection and use on-device AI to “analyze behavioral signals related to the use of sensitive permissions and interactions with other apps and services” and quickly flag abuse. But while this will reduce the time between when an app misbehaves and when it’s reported and removed, it doesn’t solve the problem of why it arrived on the Play Store in the first place.
So here’s the impending mass removal of apps from the Play Store, which Google just previewed and confirmed is only six weeks away: “We’re updating the spam and minimum functionality policy to ensure apps meet the high standards of the Play catalog and engage users with quality features and content user experiences.”
Starting August 31, the apps that will be in Google’s crosshairs will include those “that are static and don’t have specific features, such as text-only or PDF-only apps; apps with very little content and that don’t provide a compelling user experience, such as single-wallpaper apps; and apps that are designed to do nothing or have no function.” There are literally millions of them, some of them probably on your own phone.
Google is being smart here, raising its quality threshold. We’ve seen several recent examples of meaningless but seemingly harmless apps making it to the Play Store and then being used as conduits for other apps containing malware, or more recently being used as evil lures for those alternatives.
Low quality apps will undergo a major purge
Assuming that most of the dangerous apps on the Play Store don’t really have any legitimate use, this is a great approach to tightening the net. So while purging apps is nothing new for Google, this time around, things are different. It’s increasingly expected that this measure will affect even some popular apps with millions of installs, and that some legitimate, low-quality apps will also not be retained.
For developers, Google warns that apps must “provide a stable, responsive, and engaging user experience… Apps that crash, lack the basic degree of usefulness adequate as mobile apps, lack engaging content, or otherwise exhibit behavior that is inconsistent with a functional and engaging user experience are not allowed on Google Play.”
These aren’t the only changes coming to the Play Store in an effort to improve security. Google’s July 17 policy changes include enhanced malware prevention, including a requirement for developers to remove third-party code from vendors known to sell malware, regardless of the code itself, as well as new rules on spyware prevention and stricter enforcement.
None of this should come as a surprise to developers, who have six weeks to assess whether or not they are complying with the rule. The days of Google encouraging third-party stores and users to download apps regardless of their origin are long gone. We are rapidly approaching the Apple App Store, which will arguably become the closest thing to the Apple App Store.
ForbesGoogle reveals new critical Chrome warning for all Windows usersBy Zak Doffman
It’s no surprise that Google’s massive Play Store purge made headlines around the world after its announcement this week. The scale of the likely removals caught industry observers off guard, with the “sudden” nature of the warning and the sheer scale of the purge generating traffic. “A mass removal event could be on the horizon,” he wrote. PC Magwhich means that “thousands of apps on the Google Play Store could suddenly disappear next month.”
But before the ink on these reports is even dry, here’s a stark reminder for Google and its Android users: This purge is not a silver bullet, and there’s still much work to be done to close security holes in the store, making users better protected than they are today.
This reminder comes to us thanks to Android Policewhich just highlighted another major Play Store issue that may appear to be a quality control problem, but also has serious security implications and maintains an uncomfortable gap for Google between its own store and Apple’s locked-down equivalent.
“Please Google,” the Android tech site pleads, “just make sure updates work the first time.” The problem is the Play Store’s bad habit of “falsely claiming that your apps or Android version are up to date when they aren’t.” And while Android Police acknowledges that a “simple refresh” will likely fix the sync between your phone and the store, “it’s an extra step that many people won’t bother taking.”
It’s worth remembering that while the purge itself seems motivated by quality control, the real goal is security. Google has already devoted significant resources to combating seemingly intractable Android malware, and the company is very sensitive about the idea that it can’t protect users. Play Protect and the App Defense Alliance are good examples, as is the speed with which it responds to security reports one after another. But while these initiatives are happening behind the scenes, the purge is out there in plain sight.
ForbesApple warns millions of iPhone users: Stop using Google ChromeBy Zak Doffman
Android Police’s report is timely because it’s another example of the challenge Google faces in trying to match Apple. It’s the same kind of problem that’s causing Samsung and other manufacturers to release monthly security updates in dribs and drabs over several weeks, by model, region, and carrier, rather than all at once like Apple does. It’s the same kind of problem that fixed a zero-day vulnerability for the Pixel in June, but that remains pending for other manufacturers. Samsung just confirmed that it will fix that issue in August, as first reported here.
The version synchronization problem, Android Police explains that the Play Store began “when Google separated app updates from system updates, allowing security fixes and general improvements to be rolled out to individual apps.” And while this is a “great feature, and one of the things that sets Android apart from iOS… the Play Store has a bad habit of not showing when an app update is available.” And this, unfortunately, also sets Android apart from iOS, but not in a good way, leaving users exposed.
So, kudos to Google for the purge, but there’s always that “please try harder” from those who know Android best. In the meantime, feedback on the purge itself has been generally positive, despite some resistance from Android to any invasion of the ecosystem by Apple. “I hope it doesn’t end up being more like Apple,” posted one Reddit user, “but better regulation would be nice.” Another cheekily asked, “So the Play Store will be useful now?”
In the meantime, the purge is only six weeks away, so if you can’t live without flashlights, horoscopes, and shoddy PDF or QR code readers, now’s the time to stock up.
.jpg)
.webp)
0 Comments