Google Play is making another change with mass deletion of apps after just 5 weeks
Updated on July 29 with a new spyware warning on the Play Store.
Google’s mission to make Android more like the iPhone in terms of security and privacy continues. But even though Google maintains its Play Store protections, a new report published this week makes it clear that dangerous threats are still getting through. Notice the biggest change of all: Google’s mass deletion of low-quality apps on the Play Store will create many similar threats, and it starts on August 31, just five weeks from now.
First to the positives. Google has now confirmed through its Chrome team that it is confident enough in the Play Store’s Play Protect to end “the file may be harmful” warnings for users with Play Protect enabled who download apps from third-party stores.
Like Android Authority reports, this update means “[Chrome] will soon use the presence of Play Protect to decide whether to show the warning… While Play Protect initially only scans new apps that have been uploaded to Google Play by the developers themselves or by users when they first loaded them, recently The app has been upgraded to perform some real-time device scans and will soon do even more in-depth scans using the device’s AI. Given these improvements… it’s no surprise that the Chrome team now considers the ‘file may be harmful’ warning to be unnecessary.”
But now to the negatives. Kaspersky has just warned that it has discovered new samples of the dangerous Mandrake spyware in the Play Store as recently as April, “remaining undetected by any other vendor.” The team discovered “new layers of obfuscation and evasion techniques” designed to evade detection by the Play Store’s defenses. And if it’s in the Play Store, it means Play Protect can’t detect the threat from elsewhere yet.
Kaspersky says all the malware apps “were published on Google Play in 2022 and remained available for at least one year.” These are exactly the type of disparate, low-quality apps that should be taken from Google’s mass deletion. “According to reviews,” Kaspersky says of one of the apps, “several users have noticed that the app doesn’t work or has stolen data from their devices.”
Mandrake is an “advanced Android cyber espionage platform” that has been spotted multiple times over the past four years. Regarding this latest campaign, Kaspersky says that “the latest app was last updated on March 15, 2024, and was removed from Google Play later that month. As of July 2024, none of the apps had been detected as malware by any vendor, according to VirusTotal.
If the new Play Store review significantly reduces enjoyment, as we hope, then attention will turn to sideloading and third-party stores, where such pointless applications will remain. And while the days of sideloading aren’t over yet, Google Play Store protections will expand to protect even this Wild West as best it can.
Google Play Protect is not comprehensive, which is why there are still such a large number of malicious apps making their way to the store. But once malware is identified, it can search for the same thing again – and again and again. Although it turns out to be more difficult than expected. And if this is the cleanup that removes threats from the Play Store, it means that Play Protect is not necessarily updated. Android 15’s live monitoring for suspicious app behavior, including permissions, will need to fill the gap.
The real focus will be to make users look at the Play Store as a one-stop shop for apps – and more according to the latest updates. Samsung just raised its own default device restrictions to steer users away from third-party stores or direct downloads, and Google apparently intends to build a better wall around the Play Store this year.
The overwhelming decision to delete the thousands of apps deemed low-quality has more to do with security and privacy than anything else. It’s this type of empty, pointless application that either hides malware or is part of a chain of attacks that primes a device for malware from a different source, thus bypassing some of these protections.
Google says apps that will be flagged for deletion include those “that are static without app-specific functionality, such as text-only apps or PDF files, apps with very little content that do not provide an engaging user experience, such as single wallpaper apps and apps that are designed to do nothing or have no function. This will have a huge impact on the Play Store and users should be prepared.
And while many longtime Android users don’t like the suggestion that Google is moving its OS in Apple’s direction, the reality is that Apple users are significantly better protected against malware than Android users. Google is playing catch-up.
I’ve reached out to Google for comment on Mandrake’s new report.
The Wild West days of Android seem long gone indeed. Although, as Kaspersky warns, this latest Mandrake campaign “lurked in the shadows for two years while still available for download on Google Play.” The risk, they say, “is that tighter controls on apps before they’re published translate into more sophisticated, harder-to-detect threats creeping into official app markets.”
