We began the testing on the Pixel

To test out the scope of the Play Protect update, we used a Pixel 7a with a fresh install of Android 14 with the updated Google Play Store featuring real-time code-level scanning.


We began the testing on the Pixel 7a by trying to install various spyware apps that have rebranded or been cloned, or otherwise had code changes that would attempt to evade detection. (We’re not naming or linking to the apps given their malicious nature.) Commercial surveillance apps, like stalkerware or spouseware, are typically surreptitiously installed by someone with physical access to a person’s phone, often a spouse or domestic partner. These spyware apps silently and continually upload the contents of the person’s phone, including messages, photos, and real-time location data, and present a major security and privacy risk to the people whose phones are compromised.


Play Protect intervened each time we tried to install spyware and stalkerware. The feature blocked the apps from installing, labeling the apps “harmful.”


We also picked a handful of predatory loan apps that were disguised as popular Android apps. These loan apps upload the device’s contact list to a server under the guise of fraud prevention, and loan agents can use this access to send threatening and intimidating messages and calls to their contacts. The landing page of one of the predatory loan apps resembled a regular Google Play listing, but required the user to download and manually sideload the app from outside the app store.


The Play Protect update did not restrict five predatory loan apps from installing at the time of our testing.


We also tried to install a couple of apps that appear to be fake versions of other popular apps listed on Google Play. The apps we tested are similarly named and feature near-identical designs and user experiences, but are clearly underdeveloped knock-offs. One of the fake apps imitated a popular game and the other masqueraded as a widely used VPN app.


Play Protect allowed these two apps to be installed, though it’s unclear for what purpose the fake apps were initially developed.