Android is known for its open ecosystem. While this is an advantage to its development, it's a disadvantage for security.
App developers, for example, can do pretty much to alter Android's core experience, in many ways they want. They can inject ads, that will show up shamelessly on users' home screen.
Developers' intention is to essentially trick users into clicking ads, which are often unrelated to the apps themselves. While ads are the things that lube the economy gears of most modern apps, nobody wants ads to show up when they're least expected. This shady practice have been an ongoing issues in a number of Android apps.
Most of the times, those ads can be easily ignored. But accidental clicks are possible, and this has the potential for bad advertisers to bring users to their website where they can phish users' personal information.
That's sneaky, and Google acknowledges this.
For this reason, Google is banning apps those kind of apps from its Play Store.
To highlight this effort, Google's Developer Policy Center, which details what types of appropriate apps can be included within Android apps, changes:
Another thing to improve security, is with Google implementing more requirements for apps.
The company's Safe Browsing team is adding some security measures, requiring apps that handle user data (like phone numbers or emails) or device data (such as IMEI number), to have their own privacy policy displayed within the app.
If this requirement isn't met, warnings will be shown on users' devices through Google Play Protect or on web pages that lead to these apps.
And if the data that are collected by apps don't relate to its functionality, the app should be able to explain how the data will be used, after which the user can provide his/her consent.
Google said it would also enforce its Unwanted Software Policy to apply under scenarios that included analytics and crash reporting.
"The list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent," said Paul Stanton from Google’s Safe Browsing Team.
This applies to both Google Play and other app markets, to ensure that developers won't do any sneaky monetization attempts, as well as preventing personal data to fall to the wrong hands.