Google has announced new download rules that add more friction to the process of installing apps from unverified developers. While the change is intended to stop certain types of scams, it ignores a larger problem.
Google has set its sights on apps installed from other sources, but it doesn’t address the fact that millions of users are already exposed to malware through the official Play Store.
Google targets the wrong problem

Megan Ellis/Android Authority
The new download process, which will come into play in August, requires users to enable developer mode, confirm they are not being coached, restart their phones, wait 24 hours for a security delay, and then enable settings to allow them to install the app.
The good news is that this 24-hour process only needs to be completed once. But it’s a much longer flow than users are used to.
It also targets a very specific form of scam, in which scammers pressure targets to install malware as part of a fake emergency. The download process already includes obstacles and warnings, so Google’s new high-friction flow seems like overkill.
The stakes already need to be high for this type of scam to work. Some level of social engineering is usually needed, along with the target’s contact details. Then, the target must also ignore multiple red flags during the process, as well as existing warnings on their phone.
However, scamming people through the Play Store is easy once the app gets past Google’s filters, making it a way to reach millions.
Play Store malware issue should be a bigger concern

While Google says “all Android apps undergo rigorous security testing before appearing on Google Play,” there is still a lot of malware in the store. Sometimes by the time these malicious apps are discovered, millions of people have already downloaded them.
For example, researchers from Zscaler found 239 malicious Android apps on the Play Store that had attracted 42 million downloads between June 2024 and May 2025. This is not an isolated event either.
Also in 2025, the Satori Threat Intelligence and Research Team found 224 malicious apps on the Play Store that had more than 38 million downloads. These apps used devices to commit ad fraud. Specifically, the apps downloaded malicious code when users had installed them after clicking on an ad that sent them to the Play Store listing.
Reports like these occur every year, with millions of users downloading malicious apps from the Play Store. The problem continues to grow, especially as applications are easier to produce than ever using AI.
These apps often pose as utilities, games, or clones of third-party apps, so it’s not as simple as avoiding a specific type of app.
Hundreds of malicious apps evade Play Store protections and are downloaded by millions of users each year.
While Google stops significant amounts of malware, many malicious apps still end up in the store, where they come with no warning when a user installs them. Even the data security section, which aims to give users more information about permissions and how their information is used, is based on what the developer discloses.
Another problem with Play Store malware is the ease with which these apps can appear through online ads. Some ads automatically open the Play Store when they end or make the close button so small that users end up in the Play Store when they try to close an ad.
Since the Play Store presents itself as a trusted source of apps, users are less likely to raise an eyebrow compared to a random website or APK.
The Play Store gives users a false sense of security despite very real flaws in its malware filtering and data security disclosure policy.
Once an app is on your device, you don’t get warnings about granting sensitive permissions, such as the ability to appear on top of other apps.
Until the Play Store malware issues are fixed, it remains the main way scammers can target people. This sentiment has been echoed by some of our readers and YouTube viewers, some of whom only encounter malware on the Play Store.

From my own experience, the current download process already provides users with ample warnings. However, the Play Store attracts implicit trust despite its flaws.
The first and only time I sent my mom an APK to download, she asked me if it was safe once her phone warned her that it could be malicious. It was for the HUAWEI Health app, which she needed for her smartwatch. Due to the Huawei ban, the app is no longer available on the Google Play Store, regardless of where you live.

On the other hand, I’ve had to advise people I know not to use certain apps they got from the Play Store due to unreliable permissions and features. This included a family member with an app that mined cryptocurrency using their phone.
I would view Google’s new download process more optimistically if I felt that the company was truly committed to improving the security of its users. But this supposed solution makes life difficult for open source developers who don’t want to register with Google, and at the same time leaves many Play Store problems unresolved.
I feel like all the company has done is make downloading more frustrating. Meanwhile, regular Play Store users are left with a false sense of security.