Google Uses AI to Secure Android, Blocks 1.75M Bad Apps: Report

Google blocked more than 1.75 million policy-violating apps from reaching Android users in 2025 and banned over 80,000 malicious developer accounts, according to its annual Android and Google Play security report released recently.

The numbers highlight how deeply artificial intelligence (AI) is now embedded across Google's app security infrastructure, at a time when attackers themselves are increasingly using AI to automate scams, malware distribution and social engineering.

Google's expanded use of AI in its app review pipelines and automated defences is designed to stay ahead of increasingly sophisticated threats.

The report said that at the centre of this effort is Google Play Protect, which now scans more than 350 billion apps every day across devices worldwide. The system monitors apps from both the Play Store and third-party sources in real time. In 2025 alone, it identified more than 27 million new malicious apps from outside Google Play, warning users or blocking installations before harm could occur, it said.

The reports said that generative AI models are now being integrated directly into Google's app review process, helping human reviewers detect complex abuse patterns faster. Every app submitted to Google Play undergoes more than 10,000 automated safety checks before approval, with continuous monitoring even after it goes live, the search giant said.

Privacy enforcement

Privacy was another major focus. Google said it stopped more than 255,000 apps from accessing sensitive user data unnecessarily, including permissions linked to location, photos and personal files. The company uses AI systems to spot patterns of permission misuse and suspicious API behaviour that could expose user data.

To reduce problems earlier in the process, Google has also built policy guidance directly into Android Studio. Developers now receive real-time alerts while writing code if they request high-risk permissions, helping them fix compliance issues before submitting an app for review instead of being rejected later.

Android Studio is Google’s official software development tool used by developers to build Android apps. An API, or Application Programming Interface, is a set of rules that allows apps to communicate with Android’s core system features. When apps request access to these APIs, they are essentially asking for permission to use certain device functions or data, which is why monitoring API and permission usage is important for user privacy and security.

Fraud Protection

Fraud protection also expanded significantly. After piloting in Singapore, Google rolled out enhanced Play Protect fraud detection to 185 markets, covering 2.8 billion devices, claimed the report. The system blocked 266 million risky installation attempts over the year and protected users from 8,72,000 high-risk apps, particularly those sideloaded through browsers or messaging platforms.

To counter phone-based social engineering scams, Google introduced a safeguard that prevents users from disabling Play Protect during live calls, a tactic scammers often exploit while impersonating tech support agents.

The company said it also used automated systems to defend the integrity of the Play Store itself. Anti-spam protections blocked 160 million fake ratings and reviews, including coordinated review-bombing campaigns designed to artificially lower app scores. Google says the systems prevented an average 0.5-star rating drop for apps targeted by such attacks, protecting both user trust and developer reputation.

Developers And Daily Checks

On the developer side, Google's Play Integrity API now processes more than 20 billion device integrity checks daily. New hardware-backed signals make it harder for threat actors to spoof devices, while Android 16 introduces simplified protections against tap jacking, a technique where malicious overlays hijack user taps for ad fraud. A new device recall feature, currently in beta, allows developers to identify repeat offenders even after a device has been factory reset, without compromising user privacy.

Beyond these technical controls, Google is also tightening developer identity verification to prevent malicious developers from repeatedly re-entering the ecosystem under new accounts. Full developer verification is expected to roll out more broadly in 2026, with a separate, lighter account tier introduced for students and hobbyists distributing apps to a limited number of devices.

For the more than 3 billion Android users globally, most of these protections operate quietly in the background. But the broader message is that AI now underpins much of Android's security infrastructure, and as attackers evolve, Google is increasingly relying on automated, AI-assisted defences to keep pace.