AI-driven defences reshape Google Play’s security landscape

Google said it prevented 1.75 million policy-violating apps from being published on Google Play in 2025, using artificial intelligence to strengthen its security systems and deter harmful developers. The figure is lower than the 2.36 million apps blocked in 2024, which the company attributed to its expanding automated protections, which discourage bad actors before they attempt to upload problematic software.

The company explained that its AI-based systems now carry out more than 10,000 safety checks on every app before and after publication. These checks aim to detect malware, policy violations and suspicious behaviour throughout an app’s lifecycle. Google also said its latest generative AI models help human reviewers identify patterns associated with malicious activity more quickly, allowing faster action when risks are found.

Google highlighted additional progress in tackling fake engagement and manipulation. It said it blocked 160 million spam reviews and ratings in 2025, which helped prevent targeted apps from suffering an average rating drop of around half a star due to review bombing. The company also blocked 255,000 apps from gaining excessive access to sensitive user data, a significant reduction from 1.3 million the previous year, which Google suggested reflected improved developer practices and stricter screening.

The company positioned these developments as evidence that automated tools are becoming central to managing the vast scale of the Play Store. With millions of apps and frequent updates, Google has long relied on machine learning to monitor behaviour at scale. Still, it now claims its newer AI systems can identify threats earlier and with greater accuracy.

Play Protect expands fraud detection and device coverage

Google also reported progress in protecting users directly through Google Play Protect, its built-in Android security service. According to the company, Play Protect detected more than 27 million new malicious apps in 2025, either warning users about risks or blocking apps from running on their devices.

The service’s enhanced fraud protection now covers 2.8 billion Android devices across 185 markets, reflecting Android’s global footprint. Google said Play Protect blocked 266 million risky attempts to install apps from outside the Play Store through side-loading, a method often used to distribute malware. The company argued that this layered approach, combining store-level checks with device-level protections, is necessary to counter increasingly sophisticated threats.

In a blog post, Google said it has tightened developer entry requirements and increased scrutiny before apps are published. “Initiatives like developer verification, mandatory pre-review checks, and testing requirements have raised the bar for the Google Play ecosystem, significantly reducing the paths for bad actors to enter,” the company said. “This year, we’ll continue to invest in AI-driven defenses to stay ahead of emerging threats and equip Android developers with the tools they need to build apps safely.”

The company has emphasised that its focus on security is intended to benefit both users and developers, reducing fraud, improving trust and supporting legitimate businesses. Google said it will continue to refine its systems to respond to new forms of abuse, including scams, data misuse and fake engagement.

Regulatory pressure and debates over app store fees

Google’s security announcements come as the company faces ongoing scrutiny over its app store business model and fees. The company has long defended its commissions on app purchases and subscriptions by highlighting investments in security, infrastructure and developer tools. Google argues that these fees support the ecosystem and help fund protections such as those described in its latest report.

However, regulators in Europe and other regions have raised concerns that Google’s control over Android app distribution gives it excessive market power. Critics argue that its fee structure and restrictions on alternative payment systems can limit competition and raise costs for developers and consumers. Last year, Google adjusted its fee policies for developers using alternative payment channels. However, European Union regulators have said the company still may not be fully complying with the Digital Markets Act.

The ongoing regulatory debates highlight the tension between platform operators and policymakers. While Google emphasises security and user protection, regulators are increasingly focused on ensuring fair competition and reducing barriers for smaller developers. The company’s use of AI to manage the Play Store at scale may strengthen its case that running a secure app marketplace requires significant investment. Still, critics argue that this does not justify restrictive practices.

Google’s latest figures suggest that automated systems are playing an increasingly important role in app store governance. By reducing the number of harmful apps reaching users and blocking large volumes of fake engagement, the company is signalling that AI is becoming central to its platform strategy. At the same time, regulatory challenges are likely to continue as governments seek to balance security, competition and consumer protection in the digital economy.