All changes for Play Store
Updated on July 20th with feedback on the mass deletion message and a new report of a serious issue in the Play Store not addressed by these changes.
Google is clearly on a mission to make Android more and more like the iPhone. We’ve seen numerous announcements of iPhone-like features in recent months, and Android 15 promises the most comprehensive set of privacy and security updates in a single release.
But one battleground where Android continues to lag the iPhone by some distance is app safety and security. Despite its best efforts, Google can’t seem to keep dangerous apps on the Play Store out of the headlines. And while its excellent Google Play Protect does a great job protecting many users, the threat is getting worse. But now Google seems to be more serious about clearing up the problem once and for all.
Yes, Android 15 will bring “live threat detection” to use the device’s AI to “analyze behavioral signals related to the use of sensitive permissions and interactions with other apps and services” and quickly flag perpetrators. But while this will reduce the time between an app misbehaving and it being flagged and removed, it doesn’t solve the problem of it getting into the Play Store in the first place.
Highlight the impending mass removal of apps from the Play Store, which Google has just reviewed and confirmed is only six weeks away: “We’re updating our spam and minimum functionality policy to ensure apps meet heightened standards for the Play catalog and engage users through quality functionality and content user experiences.”
As of August 31, the type of apps in Google’s sights will include those “that are static without app-specific functionality, such as text-only apps or PDF files, apps with very little content and that do not provide an engaging user experience, for example apps with a wallpaper and apps that are designed to do nothing or have no function. Of which there are literally millions – some no doubt on your own phone.
Google is being clever here by raising its quality threshold. We’ve seen numerous recent examples of pointless but seemingly harmless apps entering the Play Store and then either being used as conduits to other malware apps, or more recently used as evil twin baits for those alternatives.
Low-quality apps are set for a major purge
Assuming that most dangerous apps on the Play Store do not serve legitimate purposes, then this is an excellent approach to tighten the web. As such, while purging apps is nothing new for Google, this time around feels different. There is a growing expectation that it will even hit some popular apps with millions of installs, and some legitimate apps that have a low quality mark will also fail to make the cut.
For developers, Google warns that apps must “provide a stable, responsive, and engaging user experience… Apps that crash, lack the basic degree of adequate utility as mobile apps, lack engaging content, or exhibit other inconsistent behavior with a functional and engaging user experience are not allowed on Google Play.”
These aren’t the only changes taking effect in the Play Store with improved security in mind. Google’s July 17 policy changes include improved protection against malware — including a mandate that developers must remove third-party code from vendors known to distribute malware, regardless of the code itself, as well as new rules for spyware prevention and stricter enforcement across the board.
None of this should come as a surprise to developers, and they have six weeks to consider whether or not to comply. Long gone are the days when Google encouraged third-party stores and users to sideload apps regardless of origin. We’re fast approaching Play getting as close to Apple’s App Store as we’re ever likely to see.
It should come as no surprise that Google’s Great Play Store Purge is generating global headlines following this week’s announcement. The scale of the likely deletions surprised industry observers with the “sudden” nature of the warning and the sheer scale of the purge driving traffic. “A mass deletion may be on the horizon,” it says PC Magwhich means “thousands of apps on the Google Play Store could suddenly disappear next month.”
But before the ink is even dry on these reports comes a stark reminder to Google and its Android users that this cleanup isn’t a cure-all, that there’s still serious work to be done to patch the store’s security holes, protecting users better than now.
This reminder comes courtesy of Android Policewhich just highlighted another major issue with the Play Store that may seem like a quality control issue but also has serious security implications, and which maintains an awkward distinction for Google between its own store and Apple’s closed equivalent.
“Please Google,” the Android tech site begs, “just make updates work on the first try.” The issue is the Play Store’s nasty habit of “falsely claiming your apps or Android version are up-to-date, even when they’re not.” . And while Android Police admits that “a simple refresh” will likely fix the sync between the phone and the store, “it’s an extra step that many people won’t bother to take.”
Let’s remember that while the purge itself appears to be driven by quality control, the real focus is security. Google has already thrown a huge resource into the seemingly intractable Android malware challenge, and the company is very sensitive to the conclusion that it can’t protect users. Play Protect and App Defense Alliance are good examples, as is the speed with which it responds to security report after report. But while these initiatives work behind the scenes, the purge is here for all to see.
The Android Police report is timely because it’s yet another example of Google’s challenge to keep up with Apple. It’s the same type of problem where Samsung and other OEMs push out monthly security updates over weeks — by model, region, and carrier, rather than all at once like Apple does. The same type of issue that had a zero-day vulnerability patched for Pixels in June, but remains in the wild for other OEMs. Samsung just confirmed that it was fixing this in August, as reported here first.
The version sync issue, Android Police explains, started with the Play Store, “when Google separated app updates from system updates, security fixes and overall improvements could be rolled out to individual apps.” And while it’s “a great feature and one of the things that sets Android apart from iOS … The Play Store has a bad habit of not showing when an app update is available.” And this, unfortunately, also sets Android apart from iOS, but not in a good way, leaving users at risk.
So kudos to Google for this cleanup, but there’s still that “please try more” from those who know Android best. Meanwhile, feedback in the wild about the purge itself has been generally positive, despite Android’s notoriously staunch resistance to something like Apple invading the ecosystem. “I hope it doesn’t look more like Apple,” posted one Reddit user, “but some better regulations would be nice.” While another cheekily asked: “So the play store will be useful now?”
Meanwhile, the purge is only six weeks away. So if you can’t get enough of low-end flashlights, horoscopes, and PDF or QR code readers, now is the time to stock up.
