Imagine walking into your favorite high-street store and finding out it accidentally sold 239 products designed to steal your money. That store would be toast by Monday. Lawsuits, angry customers, viral TikToks — the works.
Now imagine the same thing happening online, with 239 malicious apps sitting comfortably in the Google Play Store, downloaded a casual 42 million times. Shockingly, Google’s reputation remains… perfectly fine. Business as
usual. Nothing to see here.
According to US security firm Zscaler, these apps were discovered between June 2024 and May 2025. Only a few were publicly named, but many lived in the Tools category — you know, the section filled with apps that promise
to “boost productivity” while quietly ruining your life. We’re talking about:
File managers
Document scanners
Calculators
Converters
To-do lists
Junk cleaners (ironically cleaning everything except themselves)
Zscaler pointed out that people working from home and the office rely heavily on these apps. Shocking revelation: normal humans also use them. You don’t need to be a Fortune 500 CEO to want to open a PDF or organize your downloads. And the apps looked completely legit. Seriously — would you have spotted the evil one just by looking at it?
Spoiler: probably not.
Behind the friendly icons, some of these apps were busy stealing login credentials for bank accounts and mobile payment services like Google Wallet. Others were less ambitious but still annoying, flooding users with ads and making money every time someone accidentally tapped one.All of this is part of a 67% year-on-year increase in malware targeting Android devices. So… what exactly is going on in the Play Store?
In short: hackers are getting really good at this. They launch coordinated waves of apps, overwhelming Google’s defenses, and hide malware so cleverly that it slips past automated scans — only activating after installation. Sneaky.The obvious solution sounds easy: “Just check the apps better.”
The reality? Google lists around 1,500 new apps every single day, contributing to a total of roughly 3.5 million apps. Is Google supposed to inspect every one of them manually? And if not… should it even be hosting them?
Here’s the twist: many users actually like that Google Play is more relaxed than Apple’s App Store. That freedom means you’re more likely to find “hacky” apps — ad blockers, system tweakers, torrent downloaders — the fun stuff Apple doesn’t like. So this is the deal:
Google Play Store: less secure, more freedom
Apple App Store: more secure, fewer toys
It’s the classic tech trade-off. And Google knows it. It also knows most users will accept the risk because they want the apps. Even better for Google? There’s almost zero chance of serious fines. Why? Because legally, the Play Store isn’t considered a “store” at all — it’s just a “platform” where others list products. Imagine a supermarket saying, “We don’t sell expired food — we just host it.” Somehow, that argument works here.To be fair, Google admits there’s a problem. New developers now have to:
Verify their identity
Provide personal information
Show government ID
Pay a registration fee
And in 2026, these rules will also apply to developers who create apps meant for sideloading on Android devices. Will this fix the problem? We’ll find out next year. Until then, one golden rule applies:
Never install anything from the Play Store unless you’re absolutely convinced it’s safe. Yes, even if it promises to “clean junk,” “boost performance,” or “change your life in 3 taps.”
