Malware is any code that could put a user, a user's data or a device at risk. Malware includes, but is not limited to, potentially harmful applications (PHAs), binaries or framework modifications, consisting of categories such as trojans, phishing and spyware apps, and we are continuously updating and adding new categories.
Though varied in type and capabilities, malware usually has one of the following objectives:
- Compromise the integrity of the user's device.
- Gain control over a user's device.
- Enable remote-controlled operations for an attacker to access, use or otherwise exploit an infected device.
- Transmit personal data or credentials off the device without adequate disclosure and consent.
- Disseminate spam or commands from the infected device to affect other devices or networks.
- Defraud the user.
An app, binary or framework modification can be potentially harmful, and can therefore generate malicious behaviour, even if it wasn't intended to be harmful. This is because apps, binaries or framework modifications can function differently depending on a variety of variables. Therefore, what is harmful to one Android device might not pose a risk at all to another Android device. For example, a device running the latest version of Android is not affected by harmful apps which use deprecated APIs to perform malicious behaviour, but a device that is still running a very early version of Android might be at risk. Apps, binaries or framework modifications are flagged as malware or PHA if they clearly pose a risk to some or all Android devices and users.
The malware categories below reflect our foundational belief that users should understand how their device is being leveraged and promote a secure ecosystem that enables robust innovation and a trusted user experience.
Visit Google Play Protect for more information.
StalkerwareCode that collects personal or sensitive user data from a device and transmits the data to a third party (enterprise or another individual) for monitoring purposes. Apps must provide adequate prominent disclosure and obtain consent as required by the user data policy. Guidelines for monitoring applications Apps exclusively designed and marketed for monitoring another individual, for example, parents to monitor their children or enterprise management for the monitoring of individual employees, provided that they fully comply with the requirements described below are the only acceptable monitoring apps. These apps cannot be used to track anyone else (a spouse, for example) even with their knowledge and permission, regardless if persistent notification is displayed. These apps must use the IsMonitoringTool metadata flag in their manifest file to appropriately designate themselves as monitoring apps. Monitoring apps must comply with these requirements:
Please reference the Use of the isMonitoringTool flag Help Centre article for more information. |
Non-Android threatCode that contains non-Android threats. These apps can't cause harm to the Android user or device, but contain components that are potentially harmful to other platforms. |
SpamCode that sends unsolicited messages to the user's contacts or uses the device as an email spam relay.
|
SpywareSpyware is a malicious application, code or behaviour that collects, exfiltrates or shares user or device data that is not related to policy-compliant functionality. Malicious code or behaviour that can be considered as spying on the user, or exfiltrates data without adequate notice or consent is also regarded as spyware. For example, spyware violations include, but are not limited to:
All apps must also comply with all Google Play Developer Programme Policies, including user and device data policies, such as mobile unwanted software, user data, permissions and APIs that access sensitive information and SDK requirements. |