Google Play Store Hosted 239 Malicious Apps, Reaching 40 Million Downloads
MOUNTAIN VIEW, CA – November 7, 2025 – A recent report reveals the Google Play Store unknowingly hosted 239 malicious applications that were downloaded a combined 40 million times. The finding raises concerns about the effectiveness of Google’s app vetting process, despite recent efforts to tighten security.
The incident comes as Google implements new policies requiring Android app developers to verify their identity with personal facts, government-issued IDs, and a registration fee. Google claims this measure is intended to reduce malware distribution, stating their analysis found “over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.”
However, the move has faced criticism, with F-Droid questioning the validity of Google’s data and suggesting the policy aims to exert greater control over the Android ecosystem. F-Droid asserts Google has not provided evidence supporting its claim about sideloaded malware rates.
This latest breach underscores ongoing vulnerabilities within the Play Store, even as Google attempts to address security concerns. The types of malware involved in previous attacks include Android Void, targeting Android-based TV boxes, and Xnotice, a Remote Access Trojan (RAT) aimed at jobseekers in the Middle East and North African region. Adware remains the most prevalent threat, accounting for 69% of cases, while the Joker malware family has seen a decrease from 38% to 23% of cases year-over-year.
The incident also occurs amidst a broader landscape of digital security threats, including the recent addition of one billion new passwords to the Have I Been Pwned database.