The Information Highway

The Information Highway

Font size: +
2 minutes reading time (409 words)

Google Play will enforce business checks to curb malware submissions

Google is fighting back against the constant invasion of malware on Google Play by requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number before submitting apps.

The new measure aims to enhance the platform's security and trustworthiness and is part of the effort to curb malware submissions from new accounts.

Typically, malicious apps on Google Play are submitted for review without dangerous code or payloads, which are then fetched later via an update in the post-installation phase.

The offending apps are reported and removed from the Play Store, and their developers are banned. However, it is relatively easy for them to create a new account and submit the same dangerous apps under a new name and theme.

To deal with this loophole, starting on August 31st, 2023, Google will require all developers creating new Play Console accounts to provide a valid D-U-N-S number.

D-U-N-S (Data Universal Numbering System) are unique nine-digit identifiers assigned by commercial data and business analytics firm Dun & Bradstreet to unique businesses.

Organizations requesting a D-U-N-S number from Dun & Bradstreet have to submit several documents that help verify the provided information, and the process can take up to 30 days to complete.

D-U-N-S is a globally recognized proprietary standard used by the United States government, the European Commission, the United Nations, and Apple, and it's considered trustworthy.

By requiring a D-U-N-S number from software developers, Google will make it much harder for publishers of malicious apps to re-register on the app store, as they would have to set up a new company to return to the platform.

In addition to the above, Google will change the "Contact details" section of app entries on the Play Store, renaming it to "App support" and adding more information about the developer.

Previously, this section hosted the developer's name, email, and location, but now it will also include the company name, complete office address, website URL, and phone number. 


Mockup of the new "App support" section (Google)


This change will enhance transparency, empowering users with a clearer understanding of the company responsible for each app.

Google says it will regularly verify information provided by app developers for inclusion in that section.

If they find any inconsistencies, they will suspend the account's ability to publish apps on the Play Store, eventually removing existing apps after a specified period. 

How does ChatGPT actually work?
Windows 11 23H2 coming this fall as a small enable...
 

Comments

No comments made yet. Be the first to submit a comment
Thursday, 14 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023