Google Improves Play Store Security To Prevent Malware, Scams

Google has announced the improvement of security and integrity of the Play Store by adding new restrictions and safeguards to developers' accounts in response to malware and scams.

Google Play Store developers will soon have to verify their email address and phone number and provide extra details like a physical address in an attempt to increase security and ensure that accounts are being created by ‘real people,’

Developers will also be required to use two-step verification. The search giant says it’s making the changes “to keep Google Play safe and secure and to better serve our developer community,” and to “make sure that every account is created by a real person with real contact details.”

Google has been faced with multiple threat actors offering to automate the process of creating Google Play developer accounts en-masse and then sell them to other groups who would later use them to upload malicious apps on the Play Store containing malware, different scams, clones of legitimate apps. 

A screenshot of a cybercrime forum post published by The Record shows these accounts being sold for $89 each.

Image: The Record

Google has mandated the developers' community to embrace Google’s 2-Step Verification as an additional safeguard to help protect your account, your app, and your users thereby, making it difficult for scammers to break into and steal legitimate accounts.

“In addition to learning more about our developer community, we’re also taking steps to improve security and keep your accounts safer by mandating that users of Google Play Console sign in using Google’s 2-Step Verification. 2-Step Verification is an additional safeguard to help protect your account, your app, and your users.”

Account owners will have the privilege of choss their account type as personal or business and verifying their contact details. Then in August, all new signups will be required to follow these same steps when they create their accounts, and to use two-step verification and all changes will be fully implemented for all existing accounts later this year.

The protection updates come at a time when duplicated apps carrying malware are on the Play Store preventing users from identifying which app is authentic.

Read Also: Malware: What You Need To Know About Them (part 1)

Read Also: How To Detect, Prevent, Remove Malware From Devices

Kaspersky confirmed to AllNews that it has recently launched a Security Cloud- Free that automatically protects users round the clock and would alert the user when to block direct threats as a result of malware creators regular disguise of their programmes as legitimate software on the Play Store in order to lure users into installing malicious files.

"Kaspersky recommends downloading applications from legitimate sources. We have recently launched our Kaspersky Security Cloud -Free that is built with patented adaptive technologies, that adjusts to your life to keep you safe. It knows when to alert you, when to warn you and when to step in to block direct threats. And because it’s always on, it protects you round the clock.”

According to Google, the timeline of these upcoming changes will be as follows:

Starting June 28, 2021: Developer account owners will be able to declare their account type and verify their contact details.

August: All new developer accounts will need to specify their account type and verify their contact information at sign-up. 2FA will also be a requirement for the owners of new developer accounts.

Later this year: All Play Store dev accounts will need to declare their account type, verify credentials, and enable 2FA.