Overview
Google has published its annual ads safety and Android platform security report, revealing that the company blocked or removed over 8.3 billion policy-violating ads and suspended 24.9 million advertiser accounts in 2025. Alongside this disclosure, Google announced a major Android 17 privacy policy overhaul targeting data collection practices for contact, location, and financial applications on the Play Store.
2025 Ads Safety by the Numbers
Google's enforcement actions in 2025 represent a significant escalation from prior years, driven by expanded AI-powered policy enforcement systems:
| Metric | 2025 Total |
|---|---|
| Ads blocked or removed | 8.3 billion |
| Advertiser accounts suspended | 24.9 million |
| Publisher sites/apps removed from network | Hundreds of thousands |
The majority of enforcement actions targeted:
- Malicious ads distributing malware or phishing lures
- Scam and counterfeit product advertising
- Financial fraud schemes disguised as legitimate investment platforms
- Impersonation campaigns mimicking government agencies and well-known brands
Android 17 Play Store Policy Changes
Alongside the ads safety report, Google announced new Play Store policies tied to the upcoming Android 17 release. The changes focus on restricting how apps access and handle sensitive user data categories.
Contact Data Permissions
Apps requesting access to user contact lists will now require explicit justification submitted via the Play Console, with Google human reviewers approving or denying access requests. Apps that fail to demonstrate a legitimate need for contact data will be rejected from the Play Store.
Location Permissions
Google is tightening background location access further, requiring apps to demonstrate that background location is core to their functionality — not merely convenient. Apps using background location for advertising purposes will be denied the permission.
Financial App Requirements
Financial applications, including banking apps, investment platforms, and cryptocurrency wallets, will be subject to enhanced verification requirements, including:
- Proof of regulatory compliance (e.g., banking licenses, fintech registrations)
- Mandatory disclosure of data sharing with third parties
- Enhanced malware scanning of financial app binaries prior to publication
Broader Privacy Context
The Android 17 policy changes arrive alongside broader efforts by Google to bolster platform trust in response to escalating regulatory pressure from the EU's Digital Markets Act and increasing scrutiny from US state attorneys general over mobile platform data practices.
Android 17 is also expected to include deeper Accessibility API restrictions — building on Android 16's work to block non-accessibility apps from leveraging accessibility services as a surveillance and credential theft vector.
What This Means for Security Teams
For enterprise security and mobile device management (MDM) teams, the Google announcements have several practical implications:
- Review managed app policies — Apps in your managed device inventory using broad contact or location permissions may face Play Store removal as the new policies take effect.
- Monitor financial app compliance — Confirm that banking and fintech apps used by employees will meet Android 17 verification requirements.
- Leverage Google Play Protect — Ensure Play Protect is enabled on all managed Android devices to benefit from Google's enhanced malware detection.