Google's 2025 crackdown on malvertising and Android 17 privacy updates mark a significant shift in digital security, leveraging AI to block billions of harmful ads while giving users unprecedented control over their personal data.
Google has unveiled a sweeping set of privacy and security updates for Android 17, alongside its 2025 report on blocking over 8.3 billion policy-violating ads globally. The tech giant is tightening its grip on both user data protection and ad fraud, leveraging artificial intelligence to stay ahead of increasingly sophisticated threats.
Android 17 Privacy Overhaul: Contact and Location Controls
The most significant changes in Android 17 focus on giving users granular control over their personal information. Google is replacing the broad READ_CONTACTS permission with a new Contact Picker interface that allows apps to request access only to specific contact fields—such as phone numbers or email addresses—rather than entire contact records.
"This feature allows users to grant apps access only to the specific contacts they choose, aligning with Android's commitment to data transparency and minimized permission footprints," Google stated in its announcement.
For developers, this means a fundamental shift in how contact data is accessed. Apps targeting Android 17 and later must use the Contact Picker as their primary method for accessing contacts. The READ_CONTACTS permission is now reserved only for apps that genuinely require full, ongoing access to contact lists. Developers are advised to remove READ_CONTACTS from their app manifests entirely if targeting Android 17 or later, unless they can justify the need through a Play Developer Declaration.
The location permission changes are equally significant. Android 17 introduces a streamlined location button that enables apps to request one-time access to precise location data. This gives users better control over how much information they share and for what duration. A persistent indicator will alert users whenever a non-system app accesses their location.
Developers must review their apps' location usage to ensure they're requesting the minimum amount of location data necessary. For apps targeting Android 17 and above that use precise location for temporary actions, implementing the location button requires adding the onlyForLocationButton flag in the manifest. Apps requiring persistent, precise location must submit a Play Developer Declaration explaining why the new button or coarse location isn't sufficient for their core features.
The declaration form is expected to be available before October 2026, with pre-review checks in the Play Console launching October 27 to identify potential contacts or location permissions policy issues.
AI-Powered Ad Fraud Prevention
Google's 2025 ad enforcement report reveals the scale of its anti-fraud efforts. The company blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts last year. More than 99% of policy-violating ads were caught by Google's systems before they reached users.
Keerat Sharma, vice president and general manager of Ads Privacy and Safety at Google, explained the technological shift: "Unlike earlier keyword-based systems, our latest models better understand intent, helping us spot malicious content and preemptively block it, even when it's designed to evade detection."
The company removed or blocked 602 million ads and 4 million accounts associated with scams or scam-related activity in 2025. Additionally, Google restricted over 4.8 billion ads and took action against more than 480 million web pages attempting to serve sexually explicit content, weapons promotion, online gambling, alcohol, tobacco, and malware.
These numbers represent a significant escalation from 2024, when Google suspended over 39.2 million advertiser accounts, stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages.
Gemini AI: The New Front Line Against Malvertising
Google is harnessing the capabilities of Gemini, its artificial intelligence model, to detect and block malicious ads at scale. The company notes that bad actors are increasingly using generative AI to create deceptive ads, and Gemini helps detect and block them in real time.
"By the end of last year, the majority of Responsive Search Ads created in Google Ads were reviewed instantly, and harmful content was blocked at submission—a capability we plan to bring to more ad formats this year," Google stated.
This AI-driven approach represents a fundamental shift from rule-based detection to intent-based understanding, allowing Google to identify and block sophisticated ad fraud attempts that might otherwise slip through traditional filters.
Business Protection: Secure App Ownership Transfers
Beyond user privacy and ad fraud, Google is implementing a secure way for businesses to transfer app ownership through a native account transfer feature built into the Play Console. This move aims to protect businesses against fraud and eliminate the risks associated with unofficial transfers.
"That means that unofficial transfers (like sharing login credentials or buying and selling accounts on third-party marketplaces), which leave your business vulnerable, are not permitted," Google warned.
The company is recommending that app developers handle account ownership changes through this official feature starting May 27, 2026.
Industry Context and Implications
These changes come amid growing concerns about digital privacy and the increasing sophistication of online fraud. The Android 17 privacy updates represent Google's most comprehensive overhaul of app permissions since the introduction of runtime permissions in Android 6.0 Marshmallow.
For users, the changes mean greater control over personal data and more transparency about how apps access sensitive information. The persistent location indicator and the ability to grant one-time access to contacts and location data address long-standing privacy concerns about apps that request broad permissions but only need limited access.
For developers, the changes require significant updates to existing apps and careful consideration of permission requests in new apps. The requirement to justify broad permissions through Play Developer Declarations adds a new layer of scrutiny to the app review process.
For the broader digital advertising ecosystem, Google's AI-powered enforcement represents a significant investment in maintaining the integrity of online advertising. As generative AI makes it easier to create convincing but fraudulent ads, the use of advanced AI for detection becomes increasingly critical.
The scale of Google's enforcement—blocking billions of ads and suspending millions of accounts—demonstrates both the magnitude of the problem and the company's commitment to addressing it. However, it also raises questions about the effectiveness of current detection methods and the ongoing arms race between fraudsters and platform security teams.
As these changes roll out throughout 2026, the digital advertising and mobile app development landscapes will likely continue evolving to balance user privacy, business needs, and security concerns in an increasingly complex digital environment.
Comments
Please log in or register to join the discussion