Everything is changing – the Play Store will never be the same again.
“There’s no doubt that a Google Pixel and an iPhone are pretty much the same when it comes to security,” said Android’s head of security. “Across almost all threat models, they’re nearly identical in terms of their platform-level capabilities.”
Unfortunately for Google, this claim is now eight years old and no more true than it was then. But that could soon change.
Back in 2016, Android’s then security director suggested in his interview with Vice that “Android’s open ecosystem will put it in a much better position.” How times have changed. This open ecosystem remains Android’s biggest weakness, but at least Google is finally closer to slamming the stable door.
Although malware remains a risk on the Play Store – much more so than on Apple’s App Store – sideloading poses the greater danger. Samsung is leading the way in tackling third-party app stores and direct installs, and it’s easy to see why. Google’s ongoing security campaign in Singapore “has blocked nearly 900,000 installation attempts of (sideloaded) high-risk apps on over 200,000 devices in less than six months.”
Google’s focus so far has been on expanding its Play Protect ecosystem to better protect devices from sideloaded apps as well as apps from its own Play Store. Android 15’s belated arrival of AI-powered live threat detection will be the latest advancement in that approach. But it’s the huge changes to the Play Store itself that are more important and could finally bring Android’s security closer to that of the iPhone.
In July, Google announced drastic changes to the Play Store, including weeding out apps with poor quality and poor development. This type of control is much more like Apple than Google’s previous approach, but more importantly, it is designed to wipe out most shell-like apps that either hide malware or point to malware after being installed on user devices.
The new, merciless Play Store rules come into effect on August 31st.
“We are updating the spam and minimum functionality policies,” the company warned app developers, “to ensure that apps meet the increased standards for the Play catalog and engage users with high-quality features and content-rich user experiences.”
These changes will come into effect on August 31, in just five days.
But there’s an ironic catch – a big one. As soon as Google adopts this new way of thinking, regulators could bring it all crashing down.
A US federal judge has just warned of “major changes… to punish the company” after the jury declared last year that the Play Store “is an illegal monopoly that has harmed millions of consumers and app developers.” Meanwhile, the UK regulator has “concluded its ongoing investigations into Apple and Google’s respective app stores.” But this is only a temporary respite, with “new laws governing digital markets” on the way.
Google’s new approach to Play Store security is smart and long overdue. Its relentless promotion of Play Protect as a defense against rogue apps and now this app cleanup should make users consider the Play Store a safe choice. Samsung’s default blocking of sideloading goes even further. Apple’s clear warnings that its forced opening to third-party app stores in Europe poses a security risk to users do the same.
All of this raises a critical question for regulators, tech giants and users: what is more important, security or a seemingly more open market for access to our phones? The very real fear is that you can’t have both. In this case, technology ecosystems must give users a reason to make the right choices despite the increasing risks.
And with that in mind, we’ll wait for the coming months to see if Google’s threat to finally clean up the Play Store is really serious. How serious Google is about removing all these threats – we’ll soon find out.
