Google Cracks Down on Bad Actors: 8.3B Ads Blocked and Major Privacy Overhaul for Android 17

TL;DR

Google has released its 2025 transparency report, detailing the removal of 8.3 billion policy-violating ads and the suspension of nearly 25 million accounts. Simultaneously, the company announced significant privacy updates for Android 17, introducing stricter controls over contact and location permissions to minimize data footprints and prevent fraud.

---

In a dual-pronged effort to clean up its digital ecosystem, Google has announced a massive enforcement action against malicious advertising alongside a significant privacy overhaul for the upcoming Android 17. The move signals a shift toward more granular user controls and AI-driven threat detection.

The 2025 Enforcement: AI vs. Malvertising

Google’s latest safety report reveals the scale of its battle against bad actors in 2025. Leveraging its Gemini AI model, the company successfully blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts.

The integration of Gemini represents a technological leap from traditional keyword-based filtering. According to Keerat Sharma, VP and GM of Ads Privacy and Safety, these AI models can better understand intent, allowing Google to preemptively block malicious content designed to evade detection.

Key 2025 Stats:

• 8.3 Billion: Total ads blocked or removed.
• 24.9 Million: Total accounts suspended.
• 602 Million: Ads removed specifically for scam-related activity.
• 99%: Rate of policy-violating ads caught before being shown to users.

For comparison, while the total number of blocked ads rose, the number of suspended advertiser accounts dropped from 39.2 million in 2024 to 24.9 million in 2025, suggesting a more targeted or efficient enforcement approach.

Android 17: Ending Broad Permission Overreach

The second half of Google's announcement focuses on the Android 17 privacy overhaul, specifically targeting how third-party apps access sensitive user data.

Standardized Contact Sharing

Historically, apps requiring access to a single contact relied on the READ_CONTACTS permission—an "all-or-nothing" approach that granted access to a user's entire address book. Android 17 introduces a new Contact Picker.

• Granular Control: Users can grant access to specific contacts rather than the whole list.
• Field-Specific Requests: Apps can now request only specific data points, such as an email address or phone number, rather than the entire record.
• Mandatory Adoption: Apps targeting Android 17 must use the picker or the Android Sharesheet. The broad READ_CONTACTS permission is now reserved strictly for apps that cannot function without full list access and requires a formal Play Developer Declaration.

Precise Location Transparency

Google is also introducing a streamlined Location Button to combat "permission creep."

• One-Time Access: The button allows users to grant precise location data for a single, discrete action.
• Persistent Indicators: A new visual indicator will alert users whenever a non-system app is actively accessing their location.
• Justification Required: Developers who require persistent, precise location must submit a declaration explaining why the one-time button or coarse location is insufficient for their core features.

Securing App Ownership

To protect businesses from fraud and "black market" account sales, Google is launching a native app ownership transfer feature within the Play Console.

• Effective Date: May 27, 2026.
• The Goal: Eliminate "unofficial" transfers, such as sharing login credentials or buying/selling accounts on third-party marketplaces, which often leave businesses vulnerable to hijacking.

Timeline for Developers

Developers should prepare for these shifts according to the following schedule:

• Immediate: Review apps targeting Android 17 (currently in beta) and implement the new Contact Picker.
• October 27, 2025: Pre-review checks go live in the Play Console to identify permission policy issues.
• May 27, 2026: Official app transfer feature becomes the required method for ownership changes.
• October 2026: Play Developer Declaration forms for location and contact overrides are expected to be available.

Conclusion

By combining AI-powered ad enforcement with structural changes to the Android operating system, Google is attempting to create a "privacy-first" environment. While these changes provide users with more transparency, they place a higher burden of proof on developers to justify why they need access to sensitive personal data.

---

Source: The Hacker News