Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations.

The tech giant's annual review of Android and Google Play security reveals how effective the implemented protection measures were in maintaining an ecosystem with honest developers and compliant apps.

"We’re constantly improving our policies and protections to encourage safe, high-quality apps on Google Play and stop bad actors before they cause harm," Google says.

To this end, the company implemented more than 10,000 safety checks on published apps and strengthened detection capabilities by integrating Google’s latest generative AI models into the review process. This enabled human reviewers to identify complex and evolving malicious patterns more quickly and accurately.

The highlights in terms of user protection last year include banning more than 80,000 "bad developer accounts, detecting over 1.75 million policy-violating apps, and denying over 255,000 apps access to sensitive user data.

Spam ratings and inauthentic reviews also represented a significant risk as they can be used to influence user perception of an app.

Google says it blocked 160 million ratings last year and prevented an average 0.5-star drop that apps targeted by “review bombing” would otherwise have suffered.

Android’s built-in security suite, Play Protect, which now scans over 350 billion apps every day, has identified over 27 million malicious apps sideloaded from outside Google Play.

Play Protect’s ‘enhanced fraud protection’ was expanded to cover over 2.8 billion Android devices in 185 markets, blocking 266 million installation attempts from 872,000 unique risky apps.

The Play Integrity API service that app developers can use to protect their software against abuse and unauthorized access, now processes over 20 billion checks every day, Google says. In 2025, new hardware-backed signals and in-app remediation prompts were added.

Finally, Google has added built-in protections against “tapjacking attacks” with minimal developer effort in Android 16, released last June, blocking hidden windows loading ads that are automatically tapped for fraudulent financial gains.

Google says it will continue investing in AI-driven defenses, expand developer verification, and embed compliance tools directly into development workflows to prevent policy violations before apps are published.