Google Blocks 8.3 Billion Malicious Ads in 2025, Strengthens Privacy with Android 17 Update
In a significant move to enhance user privacy and combat fraud, Google has announced a comprehensive update to its Play policy. This initiative comes alongside the revelation that the tech giant blocked or removed over 8.3 billion ads globally and suspended nearly 25 million accounts in 2025. The updates, particularly focused on contact and location permissions, aim to provide users with more control over their data while ensuring a safer app ecosystem.
Enhanced Privacy Measures for Users
The latest policy changes introduce a new Contact Picker feature, designed to facilitate a more privacy-conscious approach to accessing user contacts. This feature allows third-party applications to access only the specific contacts a user selects, rather than granting blanket access to all contacts. Google emphasizes that this aligns with its commitment to data transparency and minimizing permission footprints.
Previously, applications that required access to a user’s contacts relied on the READ_CONTACTS permission, which allowed access to all contacts and their associated information. With the introduction of Android 17, apps can now specify which fields they need, such as phone numbers or email addresses, rather than accessing the entire contact record. This change is expected to significantly reduce the risk of unauthorized data access.
New Requirements for App Developers
Under the updated policy, all applicable apps must utilize the Contact Picker or the Android Sharesheet as the primary means of accessing user contacts. The READ_CONTACTS permission will now be reserved for apps that cannot function without it. Developers are advised to remove this permission from their app manifest if they are targeting Android versions 17 and above.
Google has made it clear that if an app requires ongoing access to a user’s contact list, developers must justify this need by submitting a Play Developer Declaration through the Play Console. This requirement ensures that developers are held accountable for their data access practices.
Streamlined Location Access
Another critical update involves a new streamlined location button introduced in Android 17. This feature allows apps to request one-time access to a user’s precise location, enabling users to make informed decisions about the information they share and for how long. A persistent indicator will alert users each time a non-system app accesses their location, further enhancing transparency.
Developers are urged to review their apps’ location usage to ensure they request only the minimum necessary location data. If an app targets Android 17 and above and requires precise location for temporary actions, developers must implement the location button by adding the onlyForLocationButton flag in their manifest. For apps that need persistent, precise location access, a Play Developer Declaration will be required to justify the need for such access.
Secure App Ownership Transfers
To bolster security against fraud, Google is also implementing a native account transfer feature within the Play Console. This feature aims to provide a secure method for businesses to transfer ownership of their apps. Developers are encouraged to utilize this feature for account ownership changes starting May 27, 2026. Google has explicitly stated that unofficial transfers, such as sharing login credentials or engaging in third-party marketplace transactions, are not permitted, as they expose businesses to vulnerabilities.
Combating Malvertising with AI
These policy changes come at a time when Google is intensifying its efforts to combat malicious advertising, or malvertising. The company has leveraged its Gemini artificial intelligence model to detect and block harmful ads on its platform. In 2025, over 99% of policy-violating ads were intercepted before reaching users, showcasing the effectiveness of this AI-driven approach.
Keerat Sharma, Vice President and General Manager of Ads Privacy and Safety at Google, noted that the new models are designed to better understand intent, enabling them to identify malicious content and preemptively block it, even when attempts are made to evade detection. In total, Google removed or blocked 602 million ads and 4 million accounts linked to scams or scam-related activities last year.
In comparison, Google had previously suspended over 39.2 million advertiser accounts in 2024, blocking 5.1 billion harmful ads and restricting 9.1 billion ads across various platforms. The company has indicated that bad actors are increasingly using generative AI to create deceptive ads at scale, making the need for robust detection mechanisms more critical than ever.
By the end of last year, the majority of Responsive Search Ads created in Google Ads were reviewed instantly, with harmful content being blocked at submission. Google plans to extend this capability to more ad formats in the coming year.
For more information on these developments, refer to the source: thehackernews.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
