Google overhauls Android app rules to deter abuse

Tightens Play store terms and conditions

Google has issued a stern warning that app developers on its Play store should play fair, adjusting the official policy to outlaw abuses such as impersonation, spamming and deceptive advertising.

In a letter to developers, the company made clear that it would not tolerate "unhealthy behavior, like deceptive app names and spammy notifications."

Some of the changes seem obvious. Apps that disclose personal data without permission will no longer be permitted along with those that too closely resemble other apps and Android system apps in name or form. Anything that spams will be excluded.

"Products or the ads they contain also must not mimic functionality or warnings from the operating system or other applications," said Google.

"Developers must not divert users or provide links to any other site that mimics or passes itself off as another application or service. Apps must not have names or icons that appear confusingly similar to existing products, or to apps supplied with the device (such as Camera, Gallery or Messaging)."

Perhaps less obviously, the ads sometimes included in free apps will have to conform to the same standards as the app they are bundled with, which puts the onus on developers to coordinate this aspect of their software more carefully.

"It is important to us that ads don't negatively affect the experience by deceiving consumers or using disruptive behavior such as obstructing access to apps and interfering with other ads," said Google.

Apps with a connection to bullying, sexually explicit material, gambling and 'hate speech' are already banned but are included at the top of the new policy statement.

It might seem strange that some of these practices should need to be explicitly outlawed, but when it comes to Android apps ambiguity can lead to trouble as Android users have found out to their cost.

These days, the majority of problem apps arrive on people's smartphones from third-party app sites, but rogue apps on Play (formerly the Marketplace) are far from unknown, the best recent example being an app from last November that impersonated Angry Birds in order to generate costly SMS messages at £5 a time.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Malware Protection System (MPS)

Web Malware Protection System (MPS) stops Web-based attacks that traditional and next-generation firewalls, IPS, AV, and Web gateways miss.

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »