Updated July 20 with feedback on the mass deletion announcement and a new report into a serious Play Store issue not addressed by these changes.
Google is clearly on a mission to make Android ever more like iPhone. We have seen multiple iPhone-like feature announcements in recent months, and Android 15 promises the most complete set of privacy and security updates in a single release.
But one battlefield where Android continues to trail iPhone by some considerable distance is app safety and security. Despite its efforts, Google can’t seem to keep dangerous Play Store apps out of the headlines. And while its excellent Google Play Protect does a great job keeping many users safe, the threat is getting worse. But now Google seems to be more serious about purging the problem once and for all.
Yes, Android 15 will bring “live threat detection” to use on-device AI to “analyze behavioral signals related to the use of sensitive permissions and interactions with other apps and services,” and quickly flag abusers. But while that will cut the time between an app misbehaving and it being flagged and removed, that doesn’t address the issue that it got onto Play Store in the first place.
Cue the imminent Play Store mass app deletion which Google has just previewed and confirmed is now just six weeks away: “We’re updating the Spam and Minimum Functionality policy to ensure apps meet uplifted standards for the Play catalog and engage users through quality functionality and content user experiences.”
From August 31, the type of apps in Google’s crosshairs will include those “that are static without app-specific functionalities, for example, text only or PDF file apps, apps with very little content and that do not provide an engaging user experience, for example, single wallpaper apps, and apps that are designed to do nothing or have no function.” Of which there are literally millions—some no doubt on your own phone.
Google is being clever here, ramping up its quality threshold. We have seen multiple recent examples of vacuous but seemingly harmless apps getting onto Play Store and then either being used as a conduit to other malware-laced apps, or more recently used as evil-twin decoys for those alternatives.
If one assumes that most dangerous apps on Play Store serve little legitimate purpose, then this is an excellent approach to tightening the net. As such, while purging apps is not new for Google, this time it feels different. There is a building expectation that this will even hit some popular apps with millions of installs, and some legitimate apps which are low on the quality mark will also fail to make the cut.
For developers, Google warns apps must “provide a stable, responsive, and engaging user experience… Apps that crash, do not have the basic degree of adequate utility as mobile apps, lack engaging content, or exhibit other behavior that is not consistent with a functional and engaging user experience are not allowed on Google Play.”
These are not the only changes coming into force on Play Store with enhanced security in mind. Google’s July 17 policy changes include enhanced malware prevention—including a mandate that developers must remove third-party code from providers known to peddle malware, regardless of the code itself, as well as new rules on spyware prevention and tighter enforcement across the board.
None of this should be unexpected amongst developers, and they have six weeks to assess whether or not they comply. The days of Google encouraging third-party stores and users to sideload apps regardless of origin are long gone. We are fast approaching Play becoming as near a simile to Apple’s App Store as we could ever see.
It should come as little surprise that Google’s Great Play Store Purge has generated global headlines following the announcement this week. The scale of likely deletions has taken industry watchers by surprise, with the “sudden” nature of the warning and the sheer scale of purge driving traffic. “A mass deletion event could be on the horizon,” writes PC Mag, meaning that “thousands of apps on the Google Play Store may suddenly disappear next month.”
But before the ink is even dry on those reports, here comes a stark reminder for Google and its Android users that this purge is no cure-all, that there is serious work still to be done to patch security holes in the store, protecting users better than now.
That reminder comes courtesy of Android Police, which has just highlighted another major Play Store issue that may appear as a quality control issue, but which also carries serious security implications and which maintains an uncomfortable gap for Google between its own store and Apple’s locked-down equivalent.
“Please Google,” the Android technology site pleads, “just make updates work on the first try.” At issue is Play Store’s nasty habit of “falsely claiming your apps or Android version are up-to-date even when they’re not.” And while Android Police acknowledges that a “simple refresh” will likely fix the sync between phone and store, “that’s an extra step many people won’t bother to take.”
Let’s remember that while the purge itself seems to be driven by quality control, the real focus is security. Google has already thrown vast resource at the seemingly unsolvable Android malware challenge and the company is very sensitive to the inference it can’t keep users safe. Play Protect and the App Defense Alliance are good examples, as is the speed with which it responds to security report after report. But while those initiatives operate behind the scenes, the purge is here for all to see.
The report from Android Police is timely because it’s another example of Google’s challenge to match Apple. It’s the same type of issue that has Samsung and other OEMs drip-feed monthly security updates over weeks—by model, region and carrier, rather than all at once as Apple does. The same type of issue that has a zero-day vulnerability patched for Pixels in June but remain in the wild for other OEMs. Samsung has only just confirmed it’s fixing this in August, as reported here first.
The version sync issue, Android Police explains, began with Play Store “when Google uncoupled app updates from system updates, security patches and overall improvements could roll out to individual apps.” And while this is “a great feature, and one of the things that sets Android apart from iOS… the Play Store has a bad habit of not showing when an app update is available.” And that, unfortunately, also sets Android apart from iOS—but not in a good way, leaving users exposed.
So, plaudits to Google for this purge, but there’s still this “please try harder” from those that know Android best. Meanwhile, feedback out in the wild on the purge itself has been broadly positive, notwithstanding some die-hard Android resistance to anything Apple-like invading the ecosystem. “I hope it’s not more like Apple,” posted one Reddit user, “but some better regulations would be nice.” While another cheekily asked: “So the play store will be useful now?”
Meanwhile, the purge is just six weeks away. So if you can’t get enough of low-quality torches, horoscopes, and PDF or QR-code readers, then now is the time to stock up.