Google Blocks Over 2.36 Million Harmful Android Apps in Play Store

In 2024, Google took significant steps to protect its Android ecosystem. The company blocked more than 2.36 million apps that violated its policies, preventing them from being published on the Google Play Store. Moreover, Google banned over 158,000 developer accounts attempting to distribute harmful apps.

Protecting User Data and Improving App Security

Google’s efforts aren’t just about blocking harmful apps—they also focus on safeguarding user privacy. By collaborating closely with developers, Google prevented over 1.3 million apps from accessing unnecessary sensitive data.

Additionally, Google Play Protect, the built-in security feature for Android devices, flagged over 13 million new malicious apps that tried to bypass the official app store.

As a result of these efforts, 91% of app installs on the Play Store now use the latest security protections from Android 13 or newer.

For comparison, the company blocked 2.28 million risky apps in 2023 and 1.43 million in 2022.

Reducing Risks from Unverified Sources

One of the most impactful security tools introduced by Google is the Play Integrity API. This tool helps developers check whether their apps have been tampered with or are running in insecure environments. In 2024, the API helped reduce the use of unverified apps by 80%, which significantly lowers the risk for users.
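The kind of server-side check this enables is sketched below as an added example; it is not code from Google or from this article. It assumes the integrity token has already been decrypted and verified into the documented verdict payload, and the package name, nonce, and time thresholds are hypothetical.

```python
import time

EXPECTED_PACKAGE = "com.example.app"   # hypothetical package name
MAX_AGE_MS = 120_000                   # assumed freshness window
MAX_SKEW_MS = 30_000                   # assumed tolerated clock skew

# Constructed sample of a decoded verdict payload (not real data).
SAMPLE_VERDICT = {
    "requestDetails": {"requestPackageName": "com.example.app",
                       "nonce": "c2Vzc2lvbi0xMjM0",
                       "timestampMillis": "1735689600000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
}


def evaluate_verdict(payload, expected_nonce, now_ms=None):
    """Return the reasons to reject a verdict; an empty list means accept."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    req = payload.get("requestDetails") or {}
    app = payload.get("appIntegrity") or {}
    dev = payload.get("deviceIntegrity") or {}
    reasons = []

    # Bind the verdict to this app and this request so an old token
    # captured elsewhere cannot be replayed.
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        reasons.append("package_mismatch")
    if req.get("nonce") != expected_nonce:
        reasons.append("nonce_mismatch")
    try:
        age = now_ms - int(req.get("timestampMillis", 0))
    except (TypeError, ValueError):
        age = MAX_AGE_MS + 1
    if not -MAX_SKEW_MS <= age <= MAX_AGE_MS:
        reasons.append("stale_or_future_timestamp")

    # Tampered or re-signed binaries are not reported as PLAY_RECOGNIZED.
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app_not_play_recognized")
    # A device that fails the checks returns an empty or missing label list.
    if "MEETS_DEVICE_INTEGRITY" not in (dev.get("deviceRecognitionVerdict") or []):
        reasons.append("device_integrity_not_met")
    return reasons
```

The decision is made on the backend, never in the app, because a modified client can simply skip a local check.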

Furthermore, Google has worked to block sideloading in regions with high levels of risky app installations, such as India, Brazil, and Vietnam. These efforts have protected over 10 million devices from 36 million risky installation attempts involving more than 200,000 apps.

The Introduction of a “Verified” Badge for VPN Apps

In a move aimed at further strengthening privacy, Google introduced a new “Verified” badge for VPN apps. These apps must pass Google’s Mobile Application Security Assessment (MASA) audit to earn the badge. Launched in November 2023, the badge helps users identify trustworthy VPN services that prioritize security and privacy, making it easier for users to make informed choices.

The Tria Stealer Malware Campaign

Despite Google’s ongoing efforts, new threats continue to emerge. One such threat is the Tria Stealer malware, which primarily targets Android users in Malaysia and Brunei. The malware spreads via personal and group chats on platforms like Telegram and WhatsApp, often disguised as APK files.

Once installed, Tria Stealer requests dangerous permissions to access sensitive data from apps like Gmail, Microsoft Outlook, and WhatsApp. The stolen data is then sent to Telegram bots controlled by cybercriminals, who use it for malicious purposes.

How Tria Stealer Enables Financial Scams

One of the most concerning aspects of Tria Stealer is its ability to steal SMS data, including one-time passwords (OTPs). This gives cybercriminals access to online services, including banking accounts. Once they hijack messaging apps like WhatsApp, they can impersonate victims and trick their contacts into transferring money. The malware then spreads by convincing victims to share the malicious APK with their friends and family.

Tria Stealer and Its Possible Links to Previous Malware Campaigns

Researchers at Kaspersky have pointed out that Tria Stealer shows similarities to another malware campaign called UdangaSteal. Both campaigns targeted users in Indonesia and India, using similar tactics to spread the malware. However, there’s no conclusive evidence linking these two malware strains to the same threat actor.
