To stop shady apps, Google to scrutinize first-time developers

FILE - In this Dec. 17, 2018, file photo, a man using a mobile phone walks past Google offices in New York. (AP Photo/Mark Lennihan, File)

To better protect Android users from malicious apps, Google plans to spend more time vetting new developers who want to publish on the Google Play store.

The company estimates the reviews will take "days, not weeks" for developers that don't have a track record with Google. "While the vast majority of developers on Android are well-meaning, some accounts are suspended for serious, repeated violation of policies that protect our shared users," the Android team said in a blog post on Monday.

One of the best ways to avoid Android malware is to only download apps from the official Google Play store, where every app is scanned for potential threats. Last year, only 0.08 percent of devices that used Google Play exclusively for app downloads were affected by potentially harmful applications.

When malware does slip in, it can occur through scammers or hackers using a developer account to publish dummy apps that've been rigged to exploit your smartphone. According to Google, the bad actors behind these schemes are often repeat offenders; once caught, they'll attempt to infiltrate the store again by either starting a new developer account or buying one from a legitimate developer.

In response, Google has been using computer algorithms and human review teams to find developer accounts that might be up to no good. If violations are found, the account will then be suspended. "While 99%+ of these [past] suspension decisions are correct, we are also very sensitive to how impactful it can be if your account has been disabled in error," Google's Android team said in Monday's blog post.

As a result, the company is adopting the longer review times both to ensure thorough vetting and to reduce the likelihood that a developer account will be mistakenly suspended. To prevent hackers and scammers from gaming the system, Google declined to offer specifics on how the vetting will occur. But the company does use human teams, not bots, to decide when a developer's account should be suspended.

The extra scrutiny may annoy legitimate developers. According to Monday's blog post, some app makers have complained that Google can take too long to answer questions over whether their mobile app meets the company's policy requirements. Others have come under the mistaken impression that the whole app review process is automated, with no human involvement at all.

However, Google said the extra scrutiny was a necessary trade-off in light of the public's growing concern with digital privacy. "Users want more control and transparency over how their personal information is being used by applications, and expect Android, as the platform, to do more to provide that control and transparency," the Android team said.

Last October, Google announced that it would begin restricting Android apps from accessing call logs and SMS data on user phones. Aside from certain backup and voice mail programs, only apps that have been selected as the default for making phone calls or sending text messages can gain access to the data.

On Monday, Google said many developers initially "expressed frustration" with the call log and SMS data restriction. However, the company managed to work with developers to find alternatives when possible.

"As a result, today, the number of apps with access to this sensitive information has decreased by more than 98 percent. The vast majority of these were able to switch to an alternative or eliminate minor functionality," the company added.

This article originally appeared on PCMag.com.