The latest Android security scan reveals an impressive figure: Google has blocked the arrival of nearly two million malicious or non-compliant apps to the Play Store during 2025. The tech giant has relied on artificial intelligence and additional controls to protect its official store, which remains the main gateway to apps for millions of users in Spain, Europe and the rest of the world.
Beyond the raw data, the company's report makes it clear that the strategy no longer involves simply manually reviewing what is published. The Android ecosystem now relies on a network of automated defenses, real-time analysis, and developer verification, designed to detect both classic malware and new fraud tactics that rely on AI and social engineering.
A record year: almost 2 million apps stopped before reaching users
According to the annual report on Google Play and Android security, the company prevented the publication of around 1.75-2.3 million applications that violated its security and trust policies. In other words, these apps were stopped at the starting line, before they were even available to a single user.
Many of these applications, Google explains, were related to attempts to install malware, financial fraud, deceptive subscriptions, or abusive collection of personal data. The company's stated priority is that apps do not cause real harm or put the money or privacy of Android mobile users at risk.
In parallel, the company carried out a thorough overhaul of the developer ecosystem: tens of thousands of accounts associated with malicious behavior, organized fraud networks, or repeated attempts to circumvent store rules were closed. This purge, Google emphasizes, is one of the reasons why attempts to sneak malicious apps in have decreased compared to previous years.
The data points to an interesting trend: although the total number of blocked applications is very high, the figure is slightly lower than in previous years. For the company, this does not mean there are fewer threats, but rather that its entry barriers are acting as a deterrent, stopping many attackers before they even try to upload their software to the store.
For European users, including Spanish users, this reinforcement comes in a context marked by stricter regulations on privacy and digital transparency, such as the General Data Protection Regulation (GDPR) or the new framework for digital services in the European Union.
AI takes the lead: this is how Google detects dangerous apps
The game-changer in 2025 has been the massive use of advanced artificial intelligence and machine learning models to audit application code. These systems no longer simply compare files against a database of known malware, but also track suspicious behavior patterns, unjustified permissions, or connections to servers categorized as dangerous.
Google explains that the algorithms are capable of locating "dormant malware" that remains inactive for days or weeks after installation, as well as apps that, on the surface, seem harmless but, in the background, attempt to carry out advertising fraud or steal login credentials.
In this process, the company has integrated generative AI models in the pre-publication review phase. The goal is to help human teams identify complex patterns faster. AI doesn't replace security specialists, but it does act as a very aggressive initial filter that drastically reduces the number of apps requiring detailed manual analysis.
Furthermore, the approach is multi-layered. Before an app appears on Google Play, it undergoes more than 10,000 automated security checks, which review everything from the use of sensitive permissions (such as location, contacts or SMS) to the presence of code obfuscation techniques used to hide malicious behavior.
Once the application is available in the store, monitoring continues constantly. The models analyze the app's actual behavior on devices, user feedback, suspicious reviews, and any updates the developer releases. If something changes drastically or signs of abuse appear, the Play Store may remove the app or proactively warn users.
Google Play Protect: the shield that also watches out outside the store
The other big piece of the puzzle is Google Play Protect. Android's integrated protection system continuously analyzes the applications installed on each device. According to the report, its reach is massive: it performs more than 350.000 billion app analyses per day, including both those downloaded from the Play Store and those received through external channels.
During 2025, this shield made it possible to identify malicious applications distributed outside the store. In these cases, the mechanism not only recognizes the software as dangerous, but also blocks its execution and, when possible, alerts the user with clear warnings to uninstall the app or avoid its installation.
The increase in threats from APK files downloaded from websites, third-party stores, or links shared on social media is one of the points that most concerns the company. Cybercriminals are increasingly turning to these alternative channels to circumvent Play Store filters, taking advantage of the fact that many users disable, even if only temporarily, the restrictions on installation from unknown sources.
To mitigate this risk, Google has introduced features in recent versions of Android such as "Forced Isolation" for apps of unknown origin. Any installation from outside the Play Store runs in a restricted environment until Play Protect completes its analysis. If anything seems amiss, the system may block access to sensitive data or prevent the app from opening.
In parallel, the company has extended Play Protect protection to new types of fraud, such as phone scams, and has deployed specific measures to prevent minors from downloading gambling apps, dating apps or content unsuitable for their age, something especially relevant in highly regulated markets such as the European one.
Data control, fake reviews, and privacy protection
Beyond traditional malware, a significant part of Google's 2025 effort has focused on limiting applications' unjustified access to users' personal data. According to the report, nearly 95% of apps on the Play Store have already migrated to the new privacy APIs, which significantly reduce the chances of accessing sensitive information without a clear reason.
Specifically, the company estimates that approximately 255,000 applications were prevented from gaining excessive access to confidential data such as precise location, contacts, call logs, or messages. These restrictions are based on both technical platform changes and new Play Store policies that require developers to better justify what they collect and why.
Another focus of action has been fraudulent reviews and ratings, which many attackers use to inflate the reputation of dangerous apps or sink the competition. Google's AI models made it possible to block over 160 million comments and ratings identified as spam or manipulated, thus avoiding, according to its calculations, an average drop of half a point in the rating of legitimate applications.
This cleanup of the reviews system has a direct impact on the user experience, also in Spain and the rest of Europe, where other consumers' ratings are a key factor before installing a banking app, a productivity tool or a game.
Google has also promoted initiatives such as MASA (Mobile App Security Assessment). This program allows particularly sensitive apps (such as those used by banks, government agencies, or healthcare providers) to undergo external security audits and display a "verified security" label. While this seal is not yet ubiquitous, the company presents it as a way to provide added confidence in sectors where a security breach could have serious consequences.
Fewer malicious accounts and a somewhat cleaner ecosystem
The report also points to a significant reduction in the number of developer accounts suspended for malicious behavior. During 2025, Google closed around 80,000 accounts, a notable figure but significantly lower than in previous years, when there was talk of more than 150,000 or even more than 300,000 blocked profiles.
The company interprets this drop not as a relaxation of controls, but as evidence that the new barriers to entry (identity verification, pre-testing requirements, and automated controls) are working. By requiring more information and proof from those who want to publish, attempts to create disposable accounts to upload fraudulent apps en masse are reduced.
In parallel, tools aimed at legitimate developers, especially small studios and startups, have been strengthened to help them comply with regulations without adding too much friction. The company insists that its intention is to strengthen security without turning the publishing process into a bureaucratic ordeal, a delicate balance in an ecosystem with millions of active applications.
For app developers in Europe, this new environment means that security and respect for privacy are no longer optional. Code analysis tools, permission minimization, and transparency in data handling are now factors that directly influence review time and the likelihood of an application being approved without issues.
From the end user's perspective, the goal is clear: downloading an app from the Play Store should be a reasonably safe process, without needing to become a cybersecurity expert. Google's controls don't eliminate the risk 100%, but they do significantly raise the bar that attackers have to overcome.
An ecosystem under constant pressure and with its sights set on the future
The published figures reflect the extent to which Android remains a prime target for cybercriminals. The enormous number of devices in circulation, many of them in markets like Spain and the rest of the EU where mobile is the main way to access the Internet, turns any vulnerability into an attractive opportunity for fraud.
Google's reaction is to rely on precisely the same technologies used by the attackers: artificial intelligence, automation, and massive data analysis. The difference, according to the company, is that its models are trained on millions of examples of real malicious patterns, allowing them to identify new variants even when the code does not match previously cataloged threats.
Looking ahead, the company has made it clear that its priority is to turn Android and the Play Store into one of the most difficult ecosystems to compromise. To achieve this, further improvements to Play Protect are expected, along with more permission controls, expanded external audits, and, presumably, even greater integration of AI at all levels of the system.
All this movement is taking place within a particularly demanding regulatory context in Europe, where compliance with privacy, transparency, and security standards will be closely monitored by the authorities. For users, this means more layers of protection and more visible signs of trust when installing or updating an app; for developers, it means designing security as a basic requirement from day one, not as a last-minute addition.
Taken together, the 2025 data paint a picture in which Google has managed to block more than two million dangerous or irregular applications before they reached mobile devices, clean up part of the developer ecosystem, and detect tens of millions of threats outside the store. The problem of malware on Android is far from disappearing, but the leap in tools, controls and use of AI indicates that the balance is beginning to tip a little more towards the side of defense.