Google Blocks 8.3 Billion Malicious Ads in 2025, Strengthens User Privacy with Android 17 Update
In a pivotal step towards enhancing user privacy and mitigating fraud, Google has unveiled a comprehensive update to its Play policy. This announcement coincides with the company’s report of blocking or removing over 8.3 billion ads globally and suspending nearly 25 million accounts throughout 2025. The updates primarily target contact and location permissions, aiming to empower users with greater control over their data while fostering a safer app ecosystem.
Enhanced Privacy Measures for Users
The recent policy modifications introduce a new Contact Picker feature, which promotes a more privacy-centric method for accessing user contacts. This feature enables third-party applications to access only the specific contacts that users select, rather than granting unrestricted access to all contacts. Google asserts that this initiative aligns with its commitment to data transparency and reducing permission footprints.
Historically, applications requiring access to user contacts depended on the READ_CONTACTS permission, which permitted access to all contacts and their associated information. With the rollout of Android 17, applications can now specify which fields they need, such as phone numbers or email addresses, instead of accessing the entire contact record. This change is anticipated to significantly diminish the risk of unauthorized data access.
New Requirements for App Developers
Under the revised policy, all applicable applications must employ the Contact Picker or the Android Sharesheet as the primary means of accessing user contacts. The READ_CONTACTS permission will now be reserved for applications that cannot function without it. Developers are advised to remove this permission from their app manifest if they are targeting Android versions 17 and above.
Google has clarified that if an application requires ongoing access to a user’s contact list, developers must substantiate this need by submitting a Play Developer Declaration through the Play Console. This requirement ensures accountability for developers regarding their data access practices.
Streamlined Location Access
Another significant update involves a new streamlined location button introduced in Android 17. This feature allows applications to request one-time access to a user’s precise location, enabling users to make informed decisions about the information they share and the duration of that sharing. A persistent indicator will notify users each time a non-system application accesses their location, thereby enhancing transparency.
Developers are encouraged to review their applications’ location usage to ensure they request only the minimum necessary location data. If an application targets Android 17 and above and requires precise location for temporary actions, developers must implement the location button by adding the onlyForLocationButton flag in their manifest. For applications that need persistent, precise location access, a Play Developer Declaration will be required to justify the necessity of such access.
Secure App Ownership Transfers
To strengthen security against fraud, Google is also launching a native account transfer feature within the Play Console. This feature aims to provide a secure method for businesses to transfer ownership of their applications. Developers are encouraged to utilize this feature for account ownership changes starting May 27, 2026. Google has explicitly stated that unofficial transfers, such as sharing login credentials or engaging in third-party marketplace transactions, are prohibited, as they expose businesses to vulnerabilities.
Combating Malvertising with AI
These policy changes arrive at a time when Google is intensifying its efforts to combat malicious advertising, commonly referred to as malvertising. The company has harnessed its Gemini artificial intelligence model to detect and block harmful ads on its platform. In 2025, over 99% of policy-violating ads were intercepted before reaching users, underscoring the effectiveness of this AI-driven approach.
Keerat Sharma, Vice President and General Manager of Ads Privacy and Safety at Google, stated that the new models are designed to better understand intent, enabling them to identify malicious content and preemptively block it, even when attempts are made to evade detection. In total, Google removed or blocked 602 million ads and 4 million accounts linked to scams or scam-related activities last year.
In comparison, Google had previously suspended over 39.2 million advertiser accounts in 2024, blocking 5.1 billion harmful ads and restricting 9.1 billion ads across various platforms. The company has indicated that bad actors are increasingly using generative AI to create deceptive ads at scale, making the need for robust detection mechanisms more critical than ever.
By the end of last year, the majority of Responsive Search Ads created in Google Ads were reviewed instantly, with harmful content being blocked at submission. Google plans to extend this capability to more ad formats in the coming year.
For ongoing coverage and breaking updates, visit our Latest News section.
Published on 2026-04-17 21:14:00 • By the Editorial Desk
