Google has stopped a million insecure Android apps hitting Play Store

Google has prevented over a million Android apps from entering the Play Store with active security issues, the company says.

In a post on the Google Security Blog, the company says its Application Security Improvement Program has helped over 300,000 app developers fix problems with their apps. The program has been in place five years now, with Google saying it spied issues within 75,000 apps in 2018 alone.

“The downstream effect means that those 75,000 vulnerable apps are not distributed to users with the same security issues present, which we consider a win,” Google says in the blog post.

The company says the program covers a broad range of issues with Android apps, from library issues to certificate validation, with feedback offered to the developers in question.

In 2018, the company added six additional classes: SQL Injection, File-based Cross-Site Scripting, Cross-App Scripting, Leaked Third-Party Credentials, Scheme Hijacking and JavaScript Interface Injection.

“Think of it like a routine physical,” the company writes in the blog post. “If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form.”

Google says it remains committed to the program in 2019, claiming it wants to discover new exploits as a top priority. It says the tool will contribute to growing trust among Android users.

“Keeping Android users safe is important to Google,” the blog reads. “We know that app security is often tricky and that developers can make mistakes. We hope to see this program grow in the years to come, helping developers worldwide build apps users can truly trust.”

Is the news that Google halted a million insecure apps before they hit the Play Store worrying or reassuring? Do developers need to up their games? Let us know @TrustedReviews on Twitter.