The Google Play Store is making a big change to fend off malware — here’s how

Google Play store on an Android device
(Image credit: Rafapress/Shutterstock)

In order to prevent hackers from sneaking malware onto the Play Store, Google has announced a new developer requirement designed to reduce the likelihood that malicious apps could end up on its Android app store.

As reported by BleepingComputer, Android developers registering as an organization to put their apps on the Play Store will now be required to provide a valid D-U-N-S number before submitting their apps for approval.

The malicious apps that manage to bypass Google’s security checks often appear as legitimate apps when submitted for review. However, after the review process is complete, the hackers behind them then add malware to their apps or have the apps themselves download other malicious payloads.

While these malicious apps are then removed from the Play Store and the developer accounts that submitted them are banned, it’s quite easy for hackers and other cybercriminals to create a new account and then submit these same dangerous apps under a new name. 

Once this change goes into effect though, it will be a lot harder for hackers to get around Google’s restrictions since they’ll need a valid D-U-N-S number to submit new apps.

What is a D-U-N-S number?

A D-U-N-S or Data Universal Number System number is a unique nine-digit identifier that is issued by the data and business analytics firm Dun & Bradstreet. Each of these numbers is then assigned to a unique business.

In order to request a D-U-N-S number from the firm, Android app developers and other businesses first need to submit several documents in order to help verify the information they’ve provided. Receiving a D-U-N-S number can also take up to 30 days which is quite a lot of time for an app developer interested in making money from having their app listed on the Google Play Store.

Although you’ve likely never heard of D-U-N-S before, the standard is used by the U.S. government, the European Commission, the United nations and even Apple, as it’s considered very trustworthy. Setting up a new company to return to the Play Store is also the kind of hassle that will prevent hackers and other cybercriminals from trying to distribute their malicious apps on the platform.

Besides requiring that all new developers have a valid D-U-N-S number, Google is also changing the “Contact details” section on app listings on the Play Store by renaming it to “App support” and adding even more information about each developer.

According to a blog post announcing these new changes, Google says that all new Android developers will need to provide a valid D-U-N-S number when creating their accounts beginning on August 31. Later this year though, all existing developers will also be required to update and verify their existing accounts.

How to stay safe from Android malware

A hand holding a phone securely logging in

(Image credit: Google)

Even with Google implementing these new requirements to make the Play Store safer from malware, there will still be malicious apps that can drain your bank account, steal your identity and more. While you won’t find them on the Play Store as often, hackers will likely use sideloaded apps to infect unsuspecting Android users with malware.

As such, you should avoid sideloading any app onto the best Android phones despite how simple and fast the process of doing so may be. Instead, you should only download new apps from official app stores like the Play Store, Amazon App Store and Samsung Galaxy Store.

Although Google Play Protect comes pre-installed on most Android phones to defend against malware, you may also want to consider installing one of the best Android antivirus apps for additional protection. Still, if you’re on a tight budget, Google Play Protect can scan all of your existing apps and any new ones you download for malware.

At a time when many Android users are upgrading to the best iPhones, this new requirement should help make the Play Store even safer and might make users pause before switching from Android to iPhone.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.