Hacker News new | past | comments | ask | show | jobs | submit login
Google removed 2.36M apps from Google Play using AI threat detection (googleblog.com)
73 points by isaacfrond 15 days ago | hide | past | favorite | 39 comments



What instantly came to mind for me was that this is yet another step forward in turn-developers-lives-into-dystopias. It wasn't bad enough that the algorithms would flag and ban-hammer people with no ability to reach a human, but now we have to use "AI" to make those decisions. Hopefully not the same AI that routinely fails to accurately summarize news articles... And don't worry, once the AI decides the person is evil, it proceeds to nuke everything associated with them as well so that way their personal photos in G Photos and personal gmail account etc will also disappear, and ideally they won't even be able to use their Android phone.

I have little sympathy for (truly) bad actors, but it seems we've completely abandoned Blackstone's ratio in favor of returning to a world where the nobility can execute a peasant without a trial. Now the human doesn't even have to hear the peasant's explanation or petition!

I would never do a startup nowadays that relied on shipping an app to the Play Store (or the Apple store for that matter, but that's a different cause which is off-topic atm). In fact, I've pivoted my current org to focus first on developing a great web app experience, and the native apps second. Putting your livelihood or company on the mercy of these app store people is a terrible and increasingly inexcusable risk.


As a user, I’m on the other side of this. I never go to App Store to look for apps. (Even on Apple’s side) there is so much garbage and fake clones of apps promoted to the top .. that I just gave up. The only way I use AppStore is when I have a link open it for me (eg maintainer’s website or similar).


Which is surprisingly common to not exist. For example my Sony WH-1000XM4 headphones where acting a bit funny so I decided to do a software update. The only supported way is via their app. The just mention the name. So I have to search the name, be very careful not to click an ad, and hope that I clicked the right one.

It shocks me that people don't provide links, how do I know to trust the app? With this behaviour being "standard" it is unsurprising how often people download malware.


Google is using AI because they don't want to pay a bunch of people to review apps, not because they have to use AI or can't hire people to do the reviews.


> we prevented 2.36 million policy-violating apps from being published on Google Play

"Removed" as in the title would imply for me these apps did hit the Google Play store at one point and were then removed. But from the article itself it sounds more like these were never made available in the first place?


They haven't found the ring of ai chatbot apps that all feed off the same backend and frontend yet.


Maybe they should use some of that "AI Detection" to stop outright fraud call centers from buying top ranking ad links for the "customer service phone number" for various big corporate names.

If I had a dollar for every time I've seen a report of some elderly person that googled a company name and called a friendly-sounding 800 or 888 or similar number, to get roped into some complicated scam payment, I'd probably have enough to pay for google workspace until age 90.


And if your app got mistakenly taken down the only way to get help is to be famous and complain about it on X?


>the only way to get help is to be famous and complain about it on X?

Not at all.

You can also be famous and complain here. Or be famous and complain on Reddit. And sometimes, if you're really famous, you can complain on Bluesky.


And if you're not famous, now you never will be.


False headline. No where in article does it say they were removed. Just talks about using AI to prevent new apps from coming to the store in the first place.


Why can't they have better app moderation for apps going in in the first place? Prevention rather than cure? It almost feels like this is a mislead after they screwed up in the first place.


The title is wrong; prevention is what they do. The actual quote from the article is:

> As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps.


I thought they needed tens of thousands of people. 1 hour per app, 1000 people, by the end of year, they can review almost 2 million app.

They will cost less than 200 million. Google play store has billions in profit.


There's way more than 2 million apps, since every version can suddenly contain a payload.


They do not need to review all the new revisions. Only the revisions that gets flags by AI.


It feels like if they let you search properly then you wouldn't need so much protection?


I believe the next step to securing things is to eliminate telemetry from all these apps. No amount of data leaks need to happen due to apps dialing home and sending information that users do not want them to.

While sideloading can be avoided, one needs to set simple rules about how to allow and disallow storage and network access, which is something that has plagued the mobile ecosystem for a while.

I think that having opt-out telemetry is one of those ways where users would just prefer to use iOS than use Android; This needs to be fixed as well.


And if you are mistakenly removed, you can then talk to Google chat-bot and argue your case.


If only we could automate that interaction, we'll have completely removed all human intelligence from the loop. What could possibly go wrong?


This is a great idea, we could have a "advocate bot" that takes a small brief and advocates your app on your behalf to the Google bot. What a time to be alive!


Hmmm... maybe I need to make an AI bot service that repeatedly has agents making 24/7 argumentative chat and voice complaints to customer service about services you use to reach the optimal low price. And THEN have another company selling a chatbot that expertly stonewalls bot complaints more effectively than current CS bots. And eventually, everything would be so clogged up with bots arguing with each other that the only way to actually reach customer service for any company would be through my platform.

Not so much a value-added strategy, but value-partially-un-removed strategy.

Looks like enshittif.ai is available!


I think you are describing a lucrative business plan. When you have two of your own bots arguing it out you can bypass the computation overhead entirely.


The main technical hurdle with the "use AI to contact Google customer restore my Google account" bot is that your account is disabled, so you can't access it.


When one of the key apps I use was falsely flagged by Google Play Protect (likely a result of the AI mentioned here), I turned off Google Play Protect and I'll never go back. Actually I had never turned it on in the first place, but somehow it appeared after an update, and was enabled by default.


So, then, what good is having a walled garden anyway?


the most surprising thing here is that Google Play had more than 2.36M of apps.


There's a one time fee of $25 and then you can publish as many as you like. That number probably covers only a few thousand accounts.


I paid that fee and had my dev account closed a few years later for inactivity. I never published an app, but they kept my fee.


Statistics I can find via search differ by a lot, but https://www.appbrain.com/stats/number-of-android-apps says there are currently 1.58M available apps. So, it seems they are moving more apps than they are allowing.


why would that be surprising for the world's most popular mobile app store?


It’s a joke likely, since most people only use a few top apps


because a lot of these apps are thin wrapper around a website.

I have the feeling that more often than not having an app is a vanity checkmark than delivering real value to users.


> because a lot of these apps are thin wrapper around a website.

and those apps would exist on the world's most popular app store.


> because a lot of these apps are thin wrapper around a website.

It still would count an app so I dont see your point.


There's a long tail.


There’s something deeply ironic about Google “preventing apps from getting excessive or unnecessary access to sensitive user data”.

(I know it’s a generic, cliched comment. I’ll show myself out.)


Your comment made my day thank you. Specifically the statement about showing yourself out. I pictured how this would have looked in real life. A friend comes to visit and drops a comment then leaves knowing it's bad taste for the rest of the group!


No fighting in the war room!




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: