Google has published its 2025 annual security report, detailing how artificial intelligence (AI) has strengthened protections across Google Play and the wider Android app ecosystem, as the company seeks to bolster trust among billions of Android users worldwide.
In the report, titled “Keeping Google Play and Android App Ecosystems Safe In 2025”, Google said it tightened its app review standards and significantly expanded AI-assisted monitoring. In 2025, the company blocked 1.75 million policy-violating apps from being published on the Google Play Store and permanently banned 80,000 malicious developer accounts that attempted to distribute malware.
The company also prevented 255,000 apps from accessing excessive user data after identifying unnecessary or abusive permission requests. In addition, AI systems detected and removed more than 160 million fake reviews, aiming to preserve the integrity of app ratings and user feedback.
What set 2025 apart, Google said, was the deployment of generative AI tools to assist human review teams. These systems were able to rapidly analyse complex and potentially harmful code patterns, enabling faster and more accurate enforcement decisions.
Google Play Protect continued to play a central role, scanning not only apps listed on Google Play but also applications installed across Android devices globally – amounting to more than 350 billion scans per day. Over the past year, it detected more than 27 million harmful apps installed from outside official channels, commonly known as sideloading.
Google expanded its advanced fraud protection system to 185 countries, targeting apps installed from untrusted sources such as browsers or chat applications that request sensitive permissions. The system blocks such apps immediately to safeguard users’ financial security. The company also enhanced its in-call scam protection feature, designed to prevent fraudsters from persuading users to disable Google Play Protect during phone calls – a tactic frequently used in social engineering attacks.
Arguing that security must begin at the coding stage, Google introduced new developer tools. Play Policy Insights in Android Studio alerts developers when code may risk violating privacy policies. The Play Integrity API now includes hardware-level verification to confirm that apps are running on genuine Android devices rather than fraudulent emulators. Developer Verification measures have also been strengthened to prevent repeat abuse by anonymous bad actors.
Looking ahead, Google said Android 16 will introduce stronger protections, including enhanced defences against tapjacking – a technique in which malicious apps overlay transparent layers to trick users into transferring money. Developers will be able to enable protection for sensitive applications, such as banking apps, with a single line of code.
Despite advances in AI-driven security, Google stressed that user vigilance remains essential. It advised users to keep Google Play Protect enabled, avoid installing apps from untrusted sources unless necessary, and carefully review permission requests before granting access.