Google details app violations

Martin Shelton

Principal Researcher

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

According to its security blog, Google prevented 2.28 million — yes, million — Android apps from being published on its Play Store in 2023. The company says it also removed 333,000 accounts for attempting to deliver malware through the Play Store, as well as for “repeated severe policy violations.” These numbers have grown substantially since 2022, when the company disclosed it prevented 1.43 million apps from being published on the Play Store. Read more.

What you can do

  • We can’t tell if Google’s getting substantially better at identifying these risky apps, if a growing number of developers are purposefully trying to push through dodgy apps, or both. Regardless, a lot of the things we should do with our smartphones remain the same: Some apps are asking for unnecessary, and sometimes invasive permissions, so you can decide which permissions make sense for you.
  • Likewise, running unnecessary code on a mobile device adds risk, so remove unnecessary apps when possible. To learn more, check out our guide to smartphone security.

Updates from our team

  • Outstanding colleague and education consultant Anastasia Kolobrodova has accepted a full-time position with Radio Free Asia. During her work with FPF, she helped to audit and reconfigure our guides and trainings, and contributed a great deal to our strategic thinking and long-term project plans.
  • Check out Anastasia’s final article during her consultancy (😭), a brief introduction to communication metadata.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.



Donate to support press freedom

Your support is more important than ever.

Read more about Digital Security Digest

Crossfire over messaging security

Johns Hopkins cryptography professor Matthew Green explains that “the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.” By comparison, Telegram does not provide end-to-end encryption protection by default and only offers it as an option in one-on-one “Secret Chat” mode.

Google Docs locks out writer

While it’s powerful and convenient, Google Docs might not be right for all documents, including those that you consider sensitive, private, or that you can’t risk losing. Read more about newsroom privacy and security considerations when using Google Workspace.

Bill expands US spying powers

Last week, Congress reauthorized a controversial surveillance authority, Section 702 of the Foreign Intelligence Surveillance Act. While legislators considered reforms to FISA that would restrain the federal intelligence and law enforcement community’s abilities to spy on American communications without a warrant, they in fact expanded these surveillance powers to subject more electronic communications service providers, such as U.S. cloud computing data centers, to data collection.