
Google this week announced a series of updates to its Play policies to strengthen user privacy and protect businesses from fraud, and also revealed that it blocked or removed more than 8.3 billion ads and suspended 24.9 million accounts worldwide in 2025.
The new policy update is related to Android contacts and location permissions and allows third-party apps to access users’ contact lists and location in a more privacy-friendly manner. This includes a new contact picker that provides a standardized, secure, and searchable interface for contact selection.
“This feature allows users to grant access to apps only to specific contacts of their choice, aligning with Android’s commitment to data transparency and minimizing permission footprint,” Google said.
Previously, apps that needed access to a specific user’s contacts relied on READ_CONTACTS, an overly broad permission that gave the app the ability to access all contacts and their related information. The latest changes introduced in Android 17 now allow apps to specify desired fields from a contact (such as phone number or email address) instead of reading the entire record.
The updated policy now requires all applicable apps to use the picker (or Android Sharesheet) as the primary method of accessing a user’s contacts, and READ_CONTACTS is now reserved only for apps that cannot function without it. For apps targeting Android 17 (currently in beta) or higher, the recommendation is to remove the READ_CONTACTS permission from the app’s manifest declaration entirely.
“If your app requires full and continuous access to a user’s contact list to function, you must justify this need by submitting a Play Developer Declaration in the Play Console,” Google noted.
The second policy change revolves around the streamlined location button that Google introduced in Android 17, which allows apps to request one-time access to a user’s precise location. By doing so, users can make better choices about how much information they want to share and for how long. Additionally, a persistent indicator will appear to alert users whenever a non-system app accesses their location.
To comply with this update, developers are required to review their apps’ location usage and ensure that they are requesting the minimum amount of location data necessary for their apps to function.
“If your app targets Android 17 and above and you want to use precise location for individual, temporary actions, implement a location button by adding the onlyForLocationButton flag to your manifest,” the tech giant said. “If your app requires persistent, precise location information to function, you must submit a Play Developer Declaration in the Play Console to demonstrate why the new button or coarse location information is insufficient for your app’s core functionality.”
The declaration form will be available by October 2026, with pre-review checks in the Play Console starting October 27 to identify potential contact and location permissions policy issues.
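A manifest check that developers could run ahead of the Play Console pre-review checks, as an added example that is not from Google or the original article: it flags READ_CONTACTS and precise-location declarations that the updated policy asks to be reviewed. The API level used for Android 17 and the placement of onlyForLocationButton inside android:usesPermissionFlags are assumptions, and the manifest is a constructed sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ANDROID_17_API = 37  # assumption: API level of Android 17, not stated in the article
READ_CONTACTS = "android.permission.READ_CONTACTS"
FINE_LOCATION = "android.permission.ACCESS_FINE_LOCATION"

# Constructed sample manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""


def audit_manifest(xml_text):
    """Return (permission, finding) pairs for declarations the policy asks to review."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = elem.get(ANDROID_NS + "name", "")
        # A maxSdkVersion below Android 17 means the permission is never
        # requested on the releases the new requirements are written for.
        max_sdk = elem.get(ANDROID_NS + "maxSdkVersion", "")
        if max_sdk.isdigit() and int(max_sdk) < ANDROID_17_API:
            continue
        # Assumption: the flag named in the article is set via usesPermissionFlags.
        flags = elem.get(ANDROID_NS + "usesPermissionFlags", "").split("|")
        if name == READ_CONTACTS:
            findings.append((name, "use the contact picker or Sharesheet, "
                                   "or file a Play Developer Declaration"))
        elif name == FINE_LOCATION and "onlyForLocationButton" not in flags:
            findings.append((name, "persistent precise location: use the location "
                                   "button or coarse location, or file a declaration"))
    return findings


if __name__ == "__main__":
    for perm, note in audit_manifest(SAMPLE_MANIFEST):
        print(f"{perm}: {note}")
```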
Google is also implementing a secure way to transfer app ownership through a native account transfer feature built into the Play Console to protect businesses from fraud. The company recommends that app developers process account ownership changes through this feature starting May 27, 2026.
“This means that informal transfers that make businesses vulnerable, such as sharing login credentials or buying and selling accounts on third-party marketplaces, are not allowed.”
Google targets malvertising
The changes to the Android ecosystem come after Google announced it would leverage its artificial intelligence (AI) model, Gemini, to detect and block malicious ads on its platform. The company noted that in 2025 more than 99% of policy-violating ads were caught by its systems before being shown to users.
“Unlike previous keyword-based systems, our latest model better understands intent and helps us discover and proactively block malicious content, even when it’s designed to evade detection,” said Keerat Sharma, Google’s vice president and general manager of advertising privacy and safety, in a post shared with The Hacker News.
In total, the company removed or blocked 602 million ads and 4 million accounts related to fraud or fraud-related activity last year. More than 4.8 billion ads were restricted, and action was taken against more than 480 million web pages for attempting to offer sexually explicit content, weapons promotions, online gambling, alcohol, tobacco, or malware.
In contrast, Google suspended more than 39.2 million advertiser accounts, suspended 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages in 2024.
“Bad actors are leveraging generative AI to create deceptive ads at scale, and Gemini is helping us detect and block them in real time,” Google said. “By the end of last year, the vast majority of responsive search ads created in Google Ads were instantly reviewed and harmful content was blocked upon submission. We plan to bring this feature to more ad formats this year.”
