Google Play will enforce business checks to curb malware submissions

Google is fighting back against the constant invasion of malware on Google Play by requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number before submitting apps.

The new measure aims to enhance the platform's security and trustworthiness and is part of the effort to curb malware submissions from new accounts.

Typically, malicious apps on Google Play are submitted for review without dangerous code or payloads, which are then fetched later via an update in the post-installation phase.

The offending apps are reported and removed from the Play Store, and their developers are banned. However, it is relatively easy for them to create a new account and submit the same dangerous apps under a new name and theme.

To deal with this loophole, starting on August 31st, 2023, Google will require all developers creating new Play Console accounts to provide a valid D-U-N-S number.

D-U-N-S (Data Universal Numbering System) are unique nine-digit identifiers assigned by commercial data and business analytics firm Dun & Bradstreet to unique businesses.

Organizations requesting a D-U-N-S number from Dun & Bradstreet have to submit several documents that help verify the provided information, and the process can take up to 30 days to complete.

D-U-N-S is a globally recognized proprietary standard used by the United States government, the European Commission, the United Nations, and Apple, and it's considered trustworthy.

By requiring a D-U-N-S number from software developers, Google will make it much harder for publishers of malicious apps to re-register on the app store, as they would have to set up a new company to return to the platform.

In addition to the above, Google will change the "Contact details" section of app entries on the Play Store, renaming it to "App support" and adding more information about the developer.

Previously, this section hosted the developer's name, email, and location, but now it will also include the company name, complete office address, website URL, and phone number.

Mockup of the new "App support" section
(Google)