Recently, Google began to take countermeasures against the continuous intrusion of malware on Google Play, requiring all new developer accounts registered in the name of institutions to provide a valid DUNS number before submitting applications.
This new measure will effectively improve the security and trustworthiness of the platform, while also effectively curbing the behavior of new accounts submitting malware.
Typically, malware on Google Play is submitted for review without dangerous code or payloads that are picked up through updates after installation.
Although the offending app will be removed from the Play Store after being reported, its developer will also be banned. But it is very easy for them to create a new account and submit the same dangerous app with a new name and subject.
To address this loophole, starting August 31, 2023, Google will require all developers creating new Play Console accounts to provide a valid DUNS number.
DUNS (Data Universal Numbering System) is a nine-digit identifier assigned to businesses by business data and business analytics firm Dun & Bradstreet, with each number unique.
Organizations applying for a DUNS number from Dun & Bradstreet must submit several documents to complete verification of information, a process that can take up to 30 days to complete.
DUNS is a globally recognized proprietary standard data universal numbering system. At the same time, the US government, the European Commission, the United Nations and Apple are all using the system, and its market recognition is extremely high and it is considered very trustworthy.
By requiring software developers to provide DUNS numbers, Google will also make it more difficult for malicious app publishers to re-register in the app store. Once they are judged to be malware and rejected, they will need to set up a new company if they want to enter the platform.
In addition to the above, Google is also changing the "Contact" section of Play Store app entries, renaming it "App Support" and adding more information about the developer.
Where previously this section contained only the developer's name, email, and location, it will now also include the company name, full office address, website URL, and phone number.
A mockup of the new "Application Support" section, source: Google
The change will increase the transparency of Google Play Services, giving users a clearer picture of which company is responsible for each app. Google says it regularly verifies information provided by app developers for inclusion in this section.
If they find any inconsistencies, they will suspend the account's ability to publish apps on the Play Store, eventually deleting existing apps after a specified time.