Google is fighting the constant invasion of malware on Google Play by requiring all new developer accounts registering as an organization to provide a valid DUNS number before submitting apps.
The new measure aims to improve the security and reliability of the platform and is part of efforts to limit malware submissions from new accounts.
Typically, malicious apps on Google Play are submitted for review without dangerous code or payloads, which are later fetched via an update in the post-installation phase.
Offending apps are flagged and removed from the Play Store, and their developers are banned. However, it is relatively easy for them to create a new account and submit the same dangerous apps under a new name and theme.
To address this flaw, starting August 31, 2023, Google will require all developers creating new Play Console accounts to provide a valid DUNS number.
DUNS (Data Universal Numbering System) are nine-digit unique identifiers assigned by a business data and business analytics company Dun & Bradstreet to unique companies.
Organizations ask a Dun & Bradstreet DUNS number must submit several documents that verify the information provided, and the process can take up to 30 days.
DUNS is a globally recognized proprietary standard used by the United States Government, European Commission, United Nations, and Apple, and is considered to be trusted.
By requiring a DUNS number from software developers, Google will make it much harder for rogue app publishers to re-register on the App Store, as they would have to create a new company to re-enter the platform.
In addition to the above, Google will change the “Contact Information” section of app entries on the Play Store, renaming it “App support” and adding more developer information.
Previously, this section accommodated the developer’s name, email, and location, but it will now also include the company name, full office address, website URL, and phone number .
This change will improve transparency, allowing users to better understand the company responsible for each application.
Google says it will regularly check information provided by app developers for inclusion in this section.
If they find any inconsistencies, they will suspend the account’s ability to publish apps to the Play Store, possibly removing existing apps after a specified period.