App Defense Alliance

The App Defense Alliance is a collaboration between Google, ESET, Lookout, and Zimperium. The App Defense Alliance was created to ensure
the safety of the Google Play Store. Together with our partners we aim to quickly find Potentially Harmful Applications (PHAs)
and take the appropriate action to protect users.

Partners of the App Defense Alliance can send a request to the Google Play Protect scanner service to have an app analyzed. The GPP scanner service then sends back the scan results directly to the partner. This direct communication also allows GPP to send requests to partner’s scanner services and receive results from the partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.

All of our partners work in the world of endpoint protection, and offer specific products to protect mobile devices and the mobile ecosystem. They use a combination of machine learning and static/dynamic analysis to detect bad apps in the wild. Then, they analyze these apps to understand what makes them harmful to users, and ultimately protect individuals and organizations against those threats.


Our number one goal as partners is to ensure the safety of the Google Play Store, quickly finding potentially harmful applications and stopping them before they ever make it onto Google Play.

Security researchers find PHAs both in and outside the Play Store and use our established processes to report them but this processes are manual and aren't designed for scale. The App Defense Alliance creates a secure two way communication between Google and our partners to share threat information and new samples as soon as they become available. This results in early detection and mitigation of PHAs.

The open communication between Google Play Protect and our partners benefits everyone involved and most importantly helps protect Android users. Our partners have a direct line to GPP samples and can share directly with GPP. The transparency the App Defense Alliance creates fosters an open and collaborative atmosphere for partners and users.


The App Defense Alliance is announced on the Android security blog.
Android 10 has backward-edge protection for return addresses using Clang’s Shadow Call Stack (SCS). Google’s Pixel 3 and 3a phones have kernel SCS enabled in the Android 10 update, and Pixel 4 ships with this protection out of the box.I
Helping Android app developers build secure apps, free of known vulnerabilities, means helping the overall ecosystem thrive.