Google Blocks 1.75 Million Risky Apps and 255,000 Data-Hungry Android Apps in 2025 Crackdown

AI-powered review systems tighten control over malicious developers and policy violations.

Google has revealed that it rejected more than 1.75 million Android apps from being published on Google Play in 2025 due to policy violations.

Additionally, the company blocked over 255,000 apps from gaining excessive access to sensitive user data.

The figures come from Google’s annual Android and Play ecosystem security review.

AI-Driven Security Review

Google reported that it carried out more than 10,000 safety checks on published applications. The company also integrated its latest generative AI models into the app review workflow.

As a result, human reviewers detected complex and evolving malicious patterns more quickly.

In total, Google:

• Banned over 80,000 malicious developer accounts
• Identified 1.75 million policy-violating apps
• Denied 255,000 apps access to sensitive user information

Fighting Fake Reviews and Manipulation

Spam ratings and coordinated “review bombing” campaigns remained a growing concern.

Google blocked approximately 160 million fake ratings. Consequently, targeted apps avoided an average 0.5-star drop caused by malicious review manipulation.

Play Protect Expansion

Android’s built-in security layer, Play Protect, now scans over 350 billion apps daily.

In 2025, Play Protect:

• Detected more than 27 million malicious sideloaded apps
• Expanded enhanced fraud protection to 2.8 billion devices across 185 markets
• Blocked 266 million installation attempts from 872,000 risky apps

This expansion strengthens protection beyond the official Play Store, especially for users who install apps from third-party sources.

Stronger Integrity and Platform Controls

Google also enhanced the Play Integrity API, which processes over 20 billion checks daily. The update added hardware-backed signals and in-app remediation prompts to prevent abuse.

Meanwhile, Android 16 introduced built-in defenses against tapjacking attacks. These protections block hidden windows that trick users into tapping invisible ads or financial prompts.

Strategic Implications

The scale of rejected apps highlights the persistent pressure on mobile ecosystems. Threat actors continue testing distribution channels, data harvesting tactics, and developer impersonation schemes.

However, AI-assisted review and automated fraud detection are reshaping mobile defense.

Google says it will continue investing in AI-driven protections, expand developer verification, and embed compliance tools directly into development workflows.

As the Android ecosystem grows, automated enforcement and proactive threat detection remain central to keeping malicious apps out before they reach users.