Google confirms Play Store update, app removals will begin in just 5 weeks

July 29th Update: New spyware warning in the Play Store.

Google’s mission to make Android more like the iPhone in terms of security and privacy continues. But even as Google beefs up its Play Store defenses — a new report out this week makes it clear that dangerous threats are still getting through. Here’s the biggest change of all: Google’s mass removal of low-quality apps from the Play Store will trigger a lot of those threats, starting August 31st, just five weeks away.

First the positives. Google has now confirmed through its Chrome team that it is confident enough in Play Protect in the Play Store to end “the file may be harmful” warnings for users with Play Protect enabled who download apps from third-party stores.

ForbesMicrosoft Windows Deadline – Update Your PC by July 30By Zak Doffman

How Android Power reports, this update means that “(Chrome) will soon leverage the presence of Play Protect to decide whether to display an alert… While Play Protect initially only scanned new apps that were uploaded to Google Play by developers themselves or by users when they first downloaded them, it was recently updated to perform some real-time app scans on the device and will soon perform even deeper AI scans on the device. Given these improvements… it’s no wonder the Chrome team now considers the ‘may be harmful’ warning unnecessary.”

But now let’s get to the negatives. Kaspersky just warned that it had discovered new samples of the dangerous Mandrake spyware in the Play Store back in April, “while no other vendor has detected them.” The team found “new layers of obfuscation and evasion techniques” designed to avoid detection by Play Store defenses. And if it’s in the Play Store, that means Play Protect isn’t yet able to detect the threat from somewhere else.

Kaspersky says that all of the apps containing malware “were published on Google Play in 2022 and were available for at least a year.” These are exactly the types of miscellaneous, low-quality apps that Google should have caught in a mass takedown. “According to reviews,” Kaspersky says of one app, “several users noticed that the app was not working or was stealing data from their devices.”

Mandrake is a “sophisticated Android cyber espionage platform” that has been spotted multiple times over the past four years. As for this latest campaign, Kaspersky says that “the latest app was last updated on March 15, 2024, and removed from Google Play later that month. According to VirusTotal, none of the apps have been detected as malware by any vendor as of July 2024.”

If the new Play Store takeover significantly reduces this pleasure, as expected, attention will turn to side-loading and third-party stores where such empty apps will remain. And while the days of sideloading are not over yet, Google’s Play Store defenses will be expanded to protect even this Wild West as best they can.

Google Play Protect isn’t a one-size-fits-all solution, which is why so many malicious apps still make it onto the store. But once malware is identified, it can look for the same thing again—and again, and again. Although that’s proving harder than expected. And if that cleanup removes threats from the Play Store, it means that Play Protect hasn’t necessarily been updated. Live monitoring of suspicious app behavior, including permissions, in Android 15 will have to fill the gap.

The real goal will be to get users to treat the Play Store as the only place they can find apps — and more, according to recent updates. Samsung just lifted its own default device restrictions to steer users away from third-party stores or direct downloads, and Google is clearly looking to build a better wall around the Play Store this year.

The massive decision to remove thousands of apps deemed low quality is more about security and privacy than anything else. This is the type of empty, pointless app that either hides malware or is part of an attack chain that primes the device for malware from another source, thereby bypassing some of those protections.

ForbesTelegram Plays with Fire, Gets Burned – 950 Million Users ThinkBy Zak Doffman

Google says the apps that will be flagged for removal include “static ones with no app-specific functionality, such as text or PDF apps, apps with very little content that don’t provide an engaging user experience, such as apps with a single wallpaper, and apps that are designed to do nothing or have no functionality at all. This will have a huge impact on the Play Store, and users should be prepared.”

And while many longtime Android users don’t like the suggestion that Google is moving its operating system in Apple’s direction, the reality is that Apple users are much better protected against malware than Android users. Google is trying to catch up.

I reached out to Google for comment on the new Mandrake report.

The days of Android’s Wild West really do seem to be long gone. Although, as Kaspersky warns, this latest Mandrake campaign “lurked in the shadows for two years while still available for download on Google Play.” The risk, they say, “is that stricter pre-release checks on apps translate into more sophisticated, harder-to-detect threats sneaking into official app stores.”