Google this week introduced a brand new set of Play coverage updates to strengthen person privateness and shield companies in opposition to fraud, even because it revealed it blocked or eliminated over 8.3 billion advertisements globally and suspended 24.9 million accounts in 2025.
The brand new coverage updates relate to contact and site permissions in Android, permitting third-party apps to entry the contact lists and a person’s location in a extra privacy-friendly method. This features a new Contact Picker, which presents a standardized, safe, and searchable interface for contact choice.
“This feature allows users to grant apps access only to the specific contacts they choose, aligning with Android’s commitment to data transparency and minimized permission footprints,” Google stated.
Beforehand, apps requiring entry to a selected person’s contacts relied on READ_CONTACTS, a very broad permission that granted apps the flexibility to entry all contacts and their related info. With the newest change launched in Android 17, apps can specify which fields from a contact they want, resembling telephone numbers or electronic mail addresses, versus studying the whole document.
The up to date coverage would require all relevant apps to make use of the picker (or the Android Sharesheet) as the primary option to entry customers’ contacts, with READ_CONTACTS now reserved just for apps that may’t perform with out it. It is suggested to completely take away the READ_CONTACTS permission from the app manifest declaration if it is concentrating on Android variations 17 (at present in beta) and later.
“If your app requires full, ongoing access to a user’s contact list to function, you must justify this need by submitting a Play Developer Declaration in the Play Console,” Google famous.
The second coverage change revolves round a streamlined location button that Google has launched in Android 17 that permits apps to request one-time entry to a person’s exact location. In doing so, it permits the person to make a more sensible choice about how a lot info they need to share and for what period. What’s extra, a persistent indicator will seem to alert a person each time a non-system app accesses their location.
To adjust to this replace, builders are being urged to assessment their apps’ location utilization to make sure that they’re requesting the minimal quantity of location information essential for them to perform.
“If your app targets Android 17 and above and uses precise location for discrete, temporary actions, implement the location button by adding the onlyForLocationButton flag in your manifest,” the tech big stated. “If your app requires persistent, precise location to function, you will need to submit a Play Developer Declaration in Play Console to show why the new button or coarse location isn’t sufficient for your app’s core features.”
The declaration kind is anticipated to be accessible earlier than October 2026, with pre-review checks within the Play Console to go stay beginning October 27 to determine potential contacts or location permissions coverage points.
Google can be implementing a safe manner for companies to switch possession of their apps by a local account switch function constructed into Play Console in order to remain protected in opposition to fraud. The corporate is recommending that app builders deal with account possession adjustments by this function beginning Might 27, 2026.
“That means that unofficial transfers (like sharing login credentials or buying and selling accounts on third-party marketplaces), which leave your business vulnerable, are not permitted,” it stated.
Google Takes Intention at Malvertising
The adjustments to the Android ecosystem come as Google stated it is harnessing the capabilities of Gemini, its synthetic intelligence (AI) mannequin, to detect and block malicious advertisements on its platform. Greater than 99% of policy-violating advertisements have been caught by its techniques in 2025 earlier than they have been proven to customers, it famous.
“Unlike earlier keyword-based systems, our latest models better understand intent, helping us spot malicious content and preemptively block it, even when it’s designed to evade detection,” Keerat Sharma, vice chairman and basic supervisor of Adverts Privateness and Security at Google, stated in a put up shared with The Hacker Information.
Taken collectively, the corporate eliminated or blocked 602 million advertisements and 4 million accounts that have been related to scams or scam-related exercise final 12 months. Greater than 4.8 billion advertisements have been restricted, and over 480 million internet pages have been actioned for trying to serve sexually express content material, weapons promotion, on-line playing, alcohol, tobacco, and malware.
In distinction, Google suspended over 39.2 million advertiser accounts in 2024, and stopped 5.1 billion dangerous advertisements, restricted 9.1 billion advertisements, and blocked or restricted advertisements on 1.3 billion pages.
“Bad actors are using generative AI to create deceptive ads at scale, and Gemini helps us detect and block them in real time,” Google stated. “By the end of last year, the majority of Responsive Search Ads created in Google Ads were reviewed instantly, and harmful content was blocked at submission — a capability we plan to bring to more ad formats this year.”
