Developer Guidance for Google Play Protect Warnings

Google Play Protect offers built-in, proactive protection against malware and unwanted software to help keep users' devices and data safe on Android devices with Google Play services.

This page has more information about each of the various Play Protect warnings that users may encounter, with guidance for developers to understand why an app is being affected by a Play Protect warning, and some alternatives or commonly utilized solutions to resolve an issue, before submitting an appeal to Google Play Protect.

App blocked to protect your device

Prompt Displayed: "This app can request access to sensitive data. This can increase the risk of identity theft or financial fraud."

After the
    user selects an install link, a pop-up dialog appears, explaining that the
    app is blocked
Figure 1. Google Play Protect message that appears when an app is blocked during the installation process.

Reason for this notification: Applications that are downloaded directly from online sources like web browsers, messaging apps, or file managers, are commonly referred to as Internet-sideloading sources. If these applications also use sensitive permissions—RECEIVE_SMS, READ_SMS, NOTIFICATION_LISTENER, and ACCESSIBILITY—they're considered high-risk applications because these permissions are frequently abused for financial fraud. When a user attempts to install an application from these sources and any of these sensitive permissions are declared, Google Play Protect will automatically block the installation.

Recommended Developer Actions:

  • Ensure that applications are following developer guidelines and best practices.
  • Ensure that APIs and permissions are being used for their intended purposes.
  • Make sure that your application is using only the minimum permissions needed to carry out the required functions of your application.
  • Ensure that your application is following responsible privacy and security guidelines.
  • Use the SMS Retriever or User Consent APIs rather than the READ_SMS permission when conducting an SMS-based verification process.
  • Common (non-exhaustive) examples of permissions use cases:
    • SMS examples:
      • Allowed:
        • Apps whose primary purpose is to handle SMS / MMS content.
        • Apps that back up SMS content after prominent disclosure and user consent.
      • Disallowed:
        • Apps that access or send SMS content without explicit user consent.
        • Apps that request SMS permissions for the sole purpose of validating SMS-based verification. (Use the allowed SMS Retriever or User Consent APIs instead.)
    • Bind Notification Listener examples:
      • Allowed:
        • Health and Fitness apps that relay notifications to their respective wearable hardware devices.
        • Apps that aggregate notifications to help users focus.
        • Apps that show notifications on alternate user interfaces—for example, using widgets or launchers.
      • Disallowed:
        • Apps that access notification content without explicit user consent.
        • Apps that hide or prevent notifications from other apps without a user's prior consent.
    • Accessibility examples:
      • Allowed:
        • Assistive apps that increase the usability of a device for users who are visually impaired.
        • Utility screen-reading apps that support text translation with user consent.
      • Disallowed:
        • Apps that interact with other apps or the user's device in any way without explicit user consent.
        • Apps used to extract credentials from the user.

After you've ensured your app is in alignment with the preceding guidelines (including Mobile Unwanted Software principles and Potentially Harmful Application as defined by Google Play Protect), if you still feel your app is erroneously blocked, you may request an appeal.

Harmful App Blocked

A
    pop-up dialog that explains why the app is blocked, along with a 'Got it'
    link
Figure 2. Message that appears when a harmful app is blocked.

Prompts Displayed: Details vary by violation depending on the type of malware or mobile unwanted software detected.

Reason for notification: The Android ecosystem should be free from malicious behaviors. The application has been identified as a Potentially Harmful Application and fits into a malware category or mobile unwanted software category.

Recommended Developer Actions:

The two buttons on the dialog, from top to bottom, are Scan app and
    Don't install app
Figure 3. The App scan recommended dialog shown by Google Play Protect.

Prompt Displayed: "Play Protect hasn't seen this app before. To protect your device and data, send some info about the app to Google for scanning before you install."

Reason for this notification: Google Play Protect conducts security checks at install time to help protect users by scanning apps for malicious code and sensitive permissions from unknown applications that are being installed on your device. By allowing scans to run on the application, Play Protect can help reduce the chance that harmful applications are installed on a user's device.

Recommended Developer Actions:

Android App Compatibility Too Low Warning

The button in the dialog is OK to acknowledge the target SDK is
    too low
Figure 4. A prompt from Google Play Protect notifying the user that the was designed for an older version of Android.

Prompt Displayed: "This app was built for an older version of Android and does not include the latest privacy protections"

Reason for this notification: These Play Protect warnings will show only if the app's targetSdkVersion is more than 2 versions lower than the current Android API level. For example, a user with a device running Android 13 (current API = 33) will be warned when installing any APK that targets API level lower than 31. Android Versions and corresponding API levels can be reviewed on the API level page.

If a device is below target API it won't get a warning. Every new Android version introduces changes that bring security and performance improvements and enhance the Android user experience. Some of these changes only apply to apps that explicitly declare support through their targetSdkVersion manifest attribute (also known as the target API level). Configuring your app to target a recent API level ensures that users can benefit from these improvements, while your app can still run on older Android versions. Targeting a recent API level also allows your app to take advantage of the platform's latest features to delight your users.

Recommended Developer Actions:

To ensure compatibility across Android versions, developers should make sure that new versions of any apps target the latest API level. For advice on how to change your app's target API level, take a look at the migration guide.

Send App for Security Check

The three buttons in the dialog, from top to bottom are Always send
    unknown apps, Send this time, and Don't send
Figure 5. A prompt from Google Play Protect to send the app for a security check.

Prompt Displayed: "This app is unknown to Play Protect. To protect yourself and others, send it to Google for a security check."

Reason for this notification: Unknown applications can pose a risk to users. For users, sending (one time or always) this application to Google Play Protect to scan for potential malware will make this notification go away. Appeals are not relevant and won't remove this message.

Recommended Developer Actions:

  • Review your device certification status.
  • Ensure that Google Play Protect is aware of your application to avoid this dialog appearing for users.

Appeals

Appeal App Status on Play Store

You can appeal your app's removal from the Google Play Store. We will reinstate apps in appropriate circumstances, including if an error was made and we find that your app does not violate the Google Play Developer Program Policies and Play Developer Distribution Agreement. For more information on appealing a policy violation, see My app has been removed from Google Play.

Appeal Play Protect Warning Status

You can appeal your app's Google Play Protect classification status.

Prior to submitting an appeal to Google Play Protect, we encourage you to use the above guidance to understand why an app is being affected by a Play Protect warning, and some alternatives or commonly utilized solutions to resolve an issue.

We will correct classification of apps in appropriate circumstances, including if an error was made and we find that your app does not violate Mobile Unwanted Software principles and is not a Potentially Harmful Application, as defined by Google Play Protect.

After you've ensured your app is in alignment with the above policies, and if you still feel your app is erroneously blocked, you can appeal the classification by clicking the File a Play Protect appeal button below:

File a Play Protect appeal