Google’s mission to make Android more like iPhone continues, at least when it comes to security and privacy, narrowing the gap. Android 15 moves the bar significantly, with a raft of updates including AI-based live detection of malicious apps and even cellular network defense. But there are also huge changes coming to Play Store.
App security has always been the biggest issue for Google when it comes to Android security. The inherent risks with sideloading have never been resolved, even with Play Protect’s expanded mandate to secure apps from any source. But Play Store itself is not immune from attack, with the constant game of cat and mouse between Google and malware developers becoming ever more sophisticated on both sides.
One new theme has been the purge of Play Store’s lower-quality apps, which not only improves the Android user experience but also targets the shell apps designed as enticing delivery mechanisms for malware. It’s not necessarily the app itself that is dangerous, it’s what it downloads onto the device when installed than can bite.
We saw this with the purge of such apps from Play Store which kicked in earlier this year—and the number of Play Store apps is now materially reduced. But there’s more to come, as the latest pre-release Play Store APK teardown demonstrates.
As revealed by Android Authority, “Play Store could warn you if an app seems to be of low quality. The store could specifically warn you if an app has been frequently uninstalled, has limited user data, or has few active users… We dug into a recent version of the Play Store app (version 43.7.19-31) and discovered Google will display a few cautionary messages for apps that are likely to be low-quality downloads.”
There seem to be some key metrics used by Play Store to make this assessment, for example the app “is frequently uninstalled compared to similar apps on Play,” or that Play Store “has limited user data about this app,” or that it might have “few active users compared to others on Play.” The use of such metrics is likely to be an increasing factor in how Android is secured, and the more data that can be collected and then analyzed in real-time, the safer the ecosystem will become.
Android Authority says “it looks like these messages will show up on the app’s details page rather than popping up as warnings before you download it. This more conservative approach makes sense in theory, as these criteria aren’t necessarily a surefire way of knowing whether an app is a waste of time.”
It would be good to see Google go further. It is clear as to how quality should be defined when it comes to apps. “High-quality apps and games deliver value to users, are delightful to use, make the most of premium devices, and are designed for safety.” More rigorous policing of Android’s four quality pillars would be welcomed.
Meantime, once this update goes live—as we assume it will even through it’s pre-release—users would be well advised to only install a flagged low-quality app with extreme caution. Unless you know its provenance and have a real need, avoid it.
Between these new changes and the wider crackdown on sideloading from both Google and Samsung, Android’s leading OEM, the gap is definitely narrowing to iPhone. That said, there’s still some serious work to be done.