Google Fights Malicious Apps with App Defense Alliance

November 8th, 2019

Google Fights Malicious Apps with App Defense Alliance
David Quinn

by David Quinn

VP of Strategy & Partnerships at Gummicube, Inc.

Google has been pushing to ensure the apps available on the Google Play Store are safe from malware and adware. The company’s latest effort is a partnership with security firms in what they call the App Defense Alliance. This initiative designed to identify and remove apps with hidden adware, subscription scams and more, so developers should ensure that their apps are secure or risk removal.

App Defense Alliance

The App Defense Alliance is a collaboration between Google and cybersecurity firms ESET< Lookout and Zimperium. The partnership is designed to identify Potentially Harmful Applications (PHAs) before they can impact users.

App Defense Alliance partners can request for the Google Play Protect scanner service to analyze an app and share their results. Partners can also analyze the data set before the app goes live on the store. With this system in place, Google hopes to stop apps with malware or adware in advance.

Google has had issues with PHAs on the Play Store in the past and has been working on improving its security policies to address the issue. For instance, it recently updated the developer policies for children’s apps, to ensure privacy and that all ads are served from a certified network.

The App Defense Alliance was announced not long after Google Play changed its approval process. Apps now take a few extra days to get approved in order to fully test them, so this extra time also provides time for Google’s partners to check the apps and ensure compliance.

App Security

This is one of many steps that both Google and Apple have been taking to ensure their stores are safe. Apple, for instance, has added new policies about VoIP background data collection. Earlier this year, Google changed its security policy for SMS and call log permissions, in order to prevent apps from accessing call logs and text messages without being selected by users as the default. This reduced the number of apps with access to sensitive information by over 98%.

There are several categories that PHAs can fall into, including:

  • Click fraud
  • Malware
  • Adware
  • Subscription scams
  • Banking trojans

In order to help avoid getting targeted and removed, developers should ensure that their apps do not have any unfamiliar APIs and can control the APIs they do have. If a developer uses an API with hidden adware, the Defense Alliance might identify it and remove the app. No process is perfect, so there may be errors, such as when Apple’s crackdown on gambling apps resulted in newsstand and gif sharing apps being accidentally removed as well. Google typically offers an appeals process, but ensuring your app is clean can help mitigate the need in the first place.

App Store Optimization

If an app is rejected or removed from the Play Store, that would have big consequences on its ASO strategy. Even if the app is allowed back onto the store, the removal would still have reset its keyword indexation and any rankings it may have previously earned.

Ensuring an app is compliant with all the store’s policies is important for App Store Optimization. After all, an app can’t be optimized for a store if it’s not allowed on it. When submitting an app to Google Play, developers should ensure that the app is fully optimized and clean of any malicious APIs or coding. Doing so will help it will be cleared for the store and begin reaching users.

Want more information regarding App Store Optimization? Contact Gummicube and we’ll help get your strategy started.

Similar Articles

App Store Holiday Schedule 2020

App Store Holiday Schedule 2020

Posted on November 23rd, 2020

When is the App Store Holiday Schedule 2020? Learn about the dates of this year's shutdown and how to prepare.