Google has revealed some numbers, which perhaps best illustrate the problem, of how malicious apps and their developers, are attempting to hoodwink unsuspecting users. The tech giant has detailed some steps they have taken to curb the bad actors on the Play Store platform, while also detailing extensive steps, this being specially focussed on India, to rework the policies for financial services apps.
The company’s data suggests they prevented as many as 1.43 million apps from being published on the Play Store for Android users, which violated one or more policy conditions. Google says they also banned as many as 173,000 developer accounts involved in attempts to publish malicious apps.
Google’s global malware problem
This is a follow-up to the data released in March, which pegged as many as $2 billion worth of transactions prevented by Google Play Commerce’s monitoring tools. These transactions can be requested for, by developers, in many forms including one-time purchases within an app or recurring payments such as some sort of subscriptions.
Malware laden Android apps continue to be a big problem for Google.
Earlier this month, security firm McAfee confirmed that in just South Korea, more than 60 applications with more than 100 million downloads, contain a third-party malicious library called Goldoson. Subsequently, some apps were removed from Google Play while others were updated by official developers.
Also Read: Decide plea against Google’s new billing policy by April 26, Delhi HC orders CCI
“With strengthened Android platform protections and policies, and developer outreach and education, we prevented about 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years,” says Google, in a statement.
McAfee stresses in their report that the malicious library was made by someone else, not the app developers themselves. Yet, for anyone installing a malware laden app on their Android device, the risks including of data theft, hacking and monitoring, remain the same.
In India, focus on fintech apps
There have been region specific developments too, such as the new license requirements introduced for personal loan apps in Kenya, Nigeria, and Philippines. In India, loan facilitator apps now have to tick-off a more stringent checklist. This follows through on steps the tech giant has implemented, in different stages since 2021, with regards to changing guidelines (and the larger impact) of digital lending apps in India.
Some of these changes, have subsequently been implemented globally too.
“In India, in 2022, we have reviewed and taken necessary enforcement action, including removal of apps, on more than 3500 personal loan apps for violations of the Play policy requirements. We continue to uplevel our efforts in this area by regularly updating our policies and review processes,” says a Google spokesperson.
Earlier this year, a new Google Play policy for any financial product or services app which is providing loans or facilitating access to a loan, prohibited access to photos and contacts in the phone on which these apps are installed.
In 2022, with the Personal Loan App Declaration being implemented, Google had mandated any apps that offer financial loans to users, or are facilitators in this process, to prominently disclose all the names of the partner banks and non-banking financial institutions (NBFCs) within the app description. Additionally, links must be provided for the websites of these partners.
In 2021, Google had made it mandatory for developers of financial services apps to provide a declaration form confirming that they are either licensed by the RBI to provide personal loans (that included submitting a copy of the license), or alternatively, confirm that they only provide a platform to facilitate money lending by duly licensed lenders.
Regulators in India are concerned about many financial services apps that are presently available for smartphones, and the often-nefarious practices involved in disbursing personal loans, and with loan recoveries.
Last week, Union Finance Minister Nirmala Sitharaman confirmed the government was in discussions with the Reserve Bank of India and the Ministry of Electronics and Information Technology (MEITY), to clamp down on such apps.
“There are many Ponzi apps on which we’re working with the concerned ministry, the Reserve Bank of India (RBI) and clamping down on them like never before,” Sitharaman had said, at the time.
A wider app ecosystem alliance
The App Defence Alliance, which brings together tech companies with the mandate to protect Android users from malicious apps, has been expanded in the last year. Security companies McAfee and Trend Micro have now joined Google, ESET, Lookout, and Zimperium, to provide further tools to reduce the risk of app-based malware on Android devices.
The App Defence Alliance’s Mobile App Security Assessment (MASA) checks made the Google Play Store the first commercial app store to display the specifics of a security review done for apps that have completed the process so far. The company lists some popular ones that now have the bade in the Data Safety section of the app listing – PayPal, Uber, Roblox and YouTube, being some.
