Google has published its 2025 Android and Google Play security recap, outlining a year of expanded AI-driven defenses, tighter developer accountability measures, and broader rollout of its on-device fraud protection system. The figures reflect both the scale of the threat and the investment Google has made in automated, real-time defenses.

App Review and Developer Enforcement

Google Play prevented more than 1.75 million policy-violating apps from being published in 2025 and banned over 80,000 developer accounts attempting to distribute harmful software. The company attributed the drop in successful submissions by bad actors partly to friction introduced by developer verification requirements, mandatory pre-review checks, and testing requirements that raise the compliance bar before an app can reach users.

Google also reported blocking over 255,000 apps from obtaining excessive access to sensitive user data, continuing a push toward minimal-permission app design that it supports through tooling in Android Studio.

AI Integration in the Review Pipeline

Google integrated its latest generative AI models into the app review workflow, using them to help human reviewers surface complex malicious patterns more quickly. The company notes that Google Play runs more than 10,000 safety checks on every app, both at submission and on an ongoing basis after publication.

Google Play Protect at Scale

Google Play Protect now scans more than 350 billion Android apps daily across both Play-distributed and sideloaded applications. In 2025, its real-time scanning identified over 27 million new malicious apps sourced from outside Google Play.

The enhanced fraud protection feature, which automatically blocks installation of apps that request sensitive permissions when they are sideloaded from internet sources such as browsers or messaging apps, was expanded from an initial Singapore pilot to 185 markets. Google says the rollout now covers more than 2.8 billion Android devices. During 2025, the feature blocked 266 million risky installation attempts and flagged 872,000 unique high-risk applications.

In-Call Scam Protections

A new in-call scam protection feature prevents users from disabling Google Play Protect while on a phone call. The measure is designed to counter social engineering attacks in which callers instruct victims to turn off device defenses before downloading a malicious app. The feature preemptively locks that setting for the duration of a call.

Spam Ratings and Family Safety

Google’s anti-spam systems blocked 160 million fraudulent ratings and reviews in 2025, including both inflated and deflated submissions. The company says its detection models prevented an average 0.5-star rating drop for apps targeted by coordinated review bombing campaigns.

On the family safety front, Google added new restrictions to prevent younger users from discovering or downloading apps in categories such as gambling and dating, layering on top of existing parental controls and content filtering.

Takeaway for Security Teams

The report underscores that sideloading remains the primary vector for malware reaching Android devices at scale. Organizations managing Android fleets should verify that Google Play Protect is enabled and that enhanced fraud protection is active, particularly in regions to which it has recently been expanded. The in-call scam protection feature is a notable operational control for environments where social engineering via phone is a realistic threat.