“There’s no doubt that a Google Pixel and an iPhone are nearly equal when it comes to security,” according to Android’s security guide. “For almost all threat models, they are almost identical in terms of their capabilities at the platform level.”
Unfortunately for Google, this claim is now eight years old and no more true now than it was then. But all that could change.
Back in 2016, the then Android Security Director had suggested in an interview with Vice that “Android’s open ecosystem is going to put it in a much better position.” How times have changed. This open ecosystem remains Android’s main vulnerability, but at least Google is finally getting closer to closing the stable door.
While Play Store malware remains a risk, much more so than on Apple’s App Store, sideloading poses the biggest threat. Samsung has been leading the way in cracking down on third-party app stores and direct installs, and it’s easy to see why. Google’s ongoing security campaign in Singapore “has blocked almost 900,000 high-risk [sideloaded] app installation attempts on more than 200,000 devices” in less than six months.
So far, Google has focused on expanding its Play Protect ecosystem to better defend devices from third-party apps as well as those from its own Play Store. Android 15’s late introduction of AI-powered live threat detection will be the latest advancement in this approach. But it’s the massive changes to the Play Store itself that matter most, and could ultimately bring Android security closer to the iPhone.
In July, Google announced sweeping changes to the Play Store, with a cleanup of low-quality, poorly developed apps. This level of control is much more Apple-like than Google’s approach so far, but more crucially it should eliminate most shell-like apps that either hide malware or are linked to malware once installed on user devices.
“We’re updating our spam and minimal functionality policy,” the company warned app developers, “to ensure apps meet the upgraded standards for the Play catalog and engage users through quality functionality and content user experiences.”
These changes begin on August 31st, just five days from now.
But there is an ironic catch, and it’s a big one. Once Google gets around to this new way of thinking, regulators could bring it all crashing down.
A US federal judge just warned of “significant changes … to punish the company” after last year’s jury declared that the Play Store was “an illegal monopoly that has harmed millions of consumers and app developers.” Meanwhile, the UK regulator has “closed its existing investigations into Apple’s and Google’s respective app stores.” But this is a temporary reprieve, with “new laws governing digital markets” on the way.
Google’s new approach to Play Store security is smart and long overdue. The relentless promotion of Play Protect as a defense against rogue apps and now this app cleanup should prompt users to see the Play Store as the safe bet. Samsung’s default blocking of sideloading goes further. Apple’s clear warnings that forcing it to open up to third-party app stores in Europe poses a risk to user security do the same.
All of this raises a critical question for regulators, tech giants and users: what’s more important, security or a seemingly more open market for access to our phones? The very real fear is that you can’t have both, so technology ecosystems need to give users a reason to make the right choices despite the widening risks.
And on that note, we look ahead to the coming months to see the extent to which there is real bite behind Google’s threat to finally clean up the Play Store. We’ll find out how serious Google is about deleting all these threats.