Google Blocks 8.3B Violating Ads by 2025, Introduces Android 17 Privacy Fix

Google this week announced a new set of Google Play policy updates to strengthen user privacy and protect businesses from fraud, as it revealed that it has blocked or removed more than 8.3 billion ads worldwide and suspended 24.9 million accounts by 2025.

The new policy updates are related to contact permissions and location permissions on Android, which allow third-party apps to access a user’s contact list and location in a privacy-friendly way. This includes the new Contact Picker, which provides a standard, secure, and searchable interface for selecting a contact.

“This feature allows users to grant apps access only to specific contacts they choose, consistent with Android’s commitment to data privacy and reduced consent steps,” Google said.

Previously, apps that needed access to a specific user’s contacts relied on READ_CONTACTS, a very broad permission that gave apps the ability to access all contacts and their associated information. With a recent change introduced in Android 17, apps can specify which fields from a contact they need, such as phone numbers or email addresses, as opposed to reading the entire record.

The updated policy will require all active apps to use the picker (or Sharesheet for Android) as the primary way to access user contacts, with READ_CONTACTS now reserved only for apps that can’t work without it. It is recommended to completely remove the READ_CONTACTS permission from the app’s manifest declaration if it targets Android versions 17 (currently in beta) and later.

“If your app requires full, continuous access to a user’s contact list to function, you must address this need by submitting a Play Developer Announcement to the Play Console,” notes Google.

The second policy change revolves around the structured location button that Google introduced in Android 17 that allows apps to simultaneously request access to a user’s exact location. By doing so, it allows the user to make better choices about how much information they want to share and when. In addition, a persistent indicator will appear to notify the user every time a non-system application accesses their location.

To comply with this update, developers are urged to review the location usage of their apps to ensure they request the minimum amount of location data necessary to function.

“If your app targets Android 17 and above and uses precise location for vague, temporary actions, use a location button by adding the onlyForLocationButton flag to your manifest,” the tech giant said. “If your app requires a continuous, intuitive surface to run, you’ll need to submit a Play Developer Announcement to the Play Console to demonstrate why a new button or rough surface is insufficient for your app’s core features.”

The announcement form is expected to be available before October 2026, with a pre-review test on the Play Console to go live from 27 October to identify potential contacts or local permission policy issues.

Google also uses a secure way for businesses to transfer ownership of their apps with a native account transfer feature built into the Play Console to stay safe from fraud. The company recommends that app developers handle account ownership changes with this feature starting May 27, 2026.

“That means illegal transfers (such as sharing login credentials or buying and selling accounts on third-party markets), which leave your business at risk, are not allowed,” he said.

Google Takes Aim at Malvertising

The changes to the Android ecosystem come as Google said it is using the capabilities of Gemini, its artificial intelligence (AI) model, to detect and block malicious ads on its platform. More than 99% of policy-violating ads were caught by their systems by 2025 before being shown to users, it noted.

“Unlike previous keyword-based programs, our latest models better understand intent, which helps us identify malicious content and block it in advance, even if it’s designed to avoid detection,” Keerat Sharma, vice president and general manager of Ads Privacy and Safety at Google, said in a post shared with Hacker News.

Collectively, the company removed or blocked 602 million ads and 4 million accounts that were associated with scams or scam-related activity last year. More than 4.8 billion ads were blocked, and more than 480 million web pages were accessed for attempting to serve content that graphic sex, weapons promotion, online gambling, alcohol, tobacco, and malware.

In contrast, Google suspended more than 39.2 million advertiser accounts in 2024, and suspended 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or limited ads on 1.3 billion pages.

“Bad actors use artificial intelligence to create sophisticated ads, and Gemini helps us detect and block them in real time,” Google said. “At the end of last year, the majority of Responsive Search Ads created on Google Ads were reviewed instantly, and harmful content was blocked in transit — a capability we plan to bring to additional ad formats this year.”