The Android ecosystem is facing a significant upsurge in threats: Kaspersky has identified more than 180.000 new malware programs for this system in the first quarter alone, representing a 27% increase compared to the previous period. The magnitude of this figure reinforces the need to raise the bar on mobile security, both for downloads from stores and direct installations.
In response, Google has announced a policy that will require the developer identity verification so that your applications can run on certified Android devices (such as Samsung, Pixel, and others with Google services). The measure covers Google Play, third-party stores, and installation via APK files, with the aim of curbing the spread of malicious code.
The magnitude of the increase: what's behind the 180.000 new threats
Kaspersky's count shows a acceleration of mobile malware which is not limited to a single vector. Among the most active families are the banking trojans (credential theft), adware (invasive advertising), spyware (message and location spying) and ransomware variants capable of blocking access to the device until payment is received.
Some of these threats pose as legitimate utilities, fake updates or everyday tools, and delay their malicious behavior to evade initial controls. This pattern, combined with artificially inflated reviews and manipulated download figures complicate the task of early detection.
The volume of samples in such a short time suggests that attackers exploit known gaps and weak configurations which still persist on many mobile phones, something that gets worse when system and application updates are not installed regularly.
Google's response: mandatory developer verification
Google's new security framework aims to ensure that, on certified mobile phones, Only apps from verified developers work. In practice, if the creator of an application is not registered and validated, their software may be blocked on devices with Google services, whether it comes from Play or from alternative stores or installation by APK.
The company clarifies an important nuance: the phones they use Android versions without Google services —for example, certain Huawei devices or ROMs like LineageOS— will not be affected by this change and will be able to continue installing unverified APKs as before.
The implementation will be gradual. Some developers will be able to start the process in October, with general opening in March; the deployment in Brazil, considered a high-risk market due to the prevalence of external downloads, is planned for September. The policy will then be extended to other countries identified as priorities —Indonesia, Singapore and Thailand—, with the goal of reaching global scope later on.
Why do malicious apps keep sneaking into stores?
Kaspersky notes that despite the progress, official stores are not waterproofPart of the review process is automatic and based on the app's initial behavior; some malicious actors activate harmful functions with a delay to appear legitimate, while resorting to fictitious reviews to gain visibility and credibility.
The problem is not exclusive to Android: cases have also been detected in the Apple App Store, with examples such as the SparkKitty Trojan aimed at stealing cryptocurrency-related data. This type of episode confirms that, no matter how strict the filters are, No store can guarantee zero risk.
Warning signs and practical measures
With an expanding threat landscape, it is appropriate to combine good digital practices with additional layers of protection. Before installing anything, it's worth thoroughly reviewing the app's reputation, update history, and the permissions it requests, as well as keeping your system up to date and having a mobile security solution reliable.
- Download wisely: Analyze real reviews, number of installations, and permissions; be wary of suspiciously positive reviews or apps that request unnecessary access.
- Update without delay: Many infections exploit known flaws; patching Android and apps reduces the attack surface.
- Control permissions: Restrict access to the camera, microphone, SMS, and accessibility; revoke anything that isn't essential for operation.
- Strengthen with mobile security: A reputable tool can detect anomalous behavior, block phishing and stop malicious installations on time.
- Pay attention to the signs: Abnormal battery or data consumption, intrusive ads, sudden slowdowns, or inappropriate permission requests are warning signs.
For advanced users, installing via APK offers flexibility, but increases the risk By bypassing Play controls, mandatory developer verification aims to close off one of the attackers' preferred entry points.
What changes for developers and users
Software creators must prove your identity if they want their apps to work on certified devices, which adds traceability and makes it easier to respond to abuse. Alternative stores operating in the Android ecosystem will also have to align with this requirement so as not to be left out of the game on mobile phones with Google services.
For users, the most visible effect will be that apps from unverified sources could stop running on their phones, reducing exposure to risky downloads. In markets where external downloading is common, such as Brazil, the adoption will be done in phases before spreading to other countries and, subsequently, to the entire ecosystem.
The increase of more than 180.000 new samples of mobile malware in just a few weeks and the tightening of publishing controls mark a turning point. Although mandatory verification reduces the attack surface, does not completely eliminate The problem: Effective protection requires keeping devices and apps up to date, downloading carefully, and relying on security tools that act as a last line of defense.