Google is fighting back against the constant invasion of malware on Google Play by requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number before submitting apps.
The new measure aims to enhance the platform's security and trustworthiness and is part of the effort to curb malware submissions from new accounts.
Typically, malicious apps on Google Play are submitted for review without dangerous code or payloads, which are then fetched later via an update in the post-installation phase.
The offending apps are reported and removed from the Play Store, and their developers are banned. However, it is relatively easy for them to create a new account and submit the same dangerous apps under a new name and theme.
To deal with this loophole, starting on August 31st, 2023, Google will require all developers creating new Play Console accounts to provide a valid D-U-N-S number.
D-U-N-S (Data Universal Numbering System) are unique nine-digit identifiers assigned by commercial data and business analytics firm Dun & Bradstreet to unique businesses.
Organizations requesting a D-U-N-S number from Dun & Bradstreet have to submit several documents that help verify the provided information, and the process can take up to 30 days to complete.
D-U-N-S is a globally recognized proprietary standard used by the United States government, the European Commission, the United Nations, and Apple, and it's considered trustworthy.
By requiring a D-U-N-S number from software developers, Google will make it much harder for publishers of malicious apps to re-register on the app store, as they would have to set up a new company to return to the platform.
In addition to the above, Google will change the "Contact details" section of app entries on the Play Store, renaming it to "App support" and adding more information about the developer.
Previously, this section hosted the developer's name, email, and location, but now it will also include the company name, complete office address, website URL, and phone number.
(Google)
This change will enhance transparency, empowering users with a clearer understanding of the company responsible for each app.
Google says it will regularly verify information provided by app developers for inclusion in that section.
If they find any inconsistencies, they will suspend the account's ability to publish apps on the Play Store, eventually removing existing apps after a specified period.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
xafase - 2 years ago
This will do nothing to combat the spam and low effort software that already plagues the store.
ThomasMann - 2 years ago
Of course not... But less spam is also not the purpose of this. It purpose is to give to Google more power and control.
And of course it works.. Little programmers who produce even more useless apps than the million that already exist, do not deserve any better. Like all computer people they will do anything as long as it pays a little, and they can keep on dreaming of coming up with the new super app that will make them millions....
NoneRain - 2 years ago
The objective of this approach is literally on the title....
EndangeredPootisBird - 2 years ago
Don't bother responding to this guy, hes nothing but a troll.
HFire - 2 years ago
What will happen for non U.S. or Canadian companies?
h_b_s - 2 years ago
RTFA
HFire - 2 years ago
Following the link in the article, the D-U-N-S website only refers to U.S. and Canadian developers. There's no indication of what European developers should do to aquire a D-U-N-S number.
WisTex - 2 years ago
Dun & Bradstreet has offices worldwide. If you're not in the U.S., you would contact the DNB office in your country instead of applying on the U.S. website.
WisTex - 2 years ago
D-U-N-S is used worldwide. They would apply at a local Dun & Bradstreet office in their country.
gsurplus - 2 years ago
My understanding is that the DUNS number would be required for organizations but not for personnel use accounts. Is that inaccurate?
h_b_s - 2 years ago
That's accurate according to the article. And yes, the implication is that malicious app makers will just switch to individual personal accounts. They just can't impersonate legitimate companies as easily any more - assuming Google does what they say they will, anyway. They've yet to actually follow through on most of their identity protection promises for their products thanks to their notoriously non-existent customer support.
WisTex - 2 years ago
Overall, it's a good thing. A D-U-N-S number is used worldwide and your business has to be registered with a government to qualify for one. Google will pull up your business credit report and see if your company is legit. A D-U-N-S number is like an ID, but for business.
For individuals, Google could just start requiring government issued IDs.
Either way, spammers will need to give something that can be verified to create an account.