Definition: 

Google implemented a new system to protect users against malware. It works as a preventive system that weighs possibilities, so an app that encounters this error is not necessarily malware. The following points out some of the most important reasons for this error and its different versions.

 

Different versions of Play Protect errors:

Billing fraud: An app that causes users to be charged without their knowledge or consent. Billing fraud can be divided into SMS fraud, call fraud, and toll fraud. When Google Play Protect detects such fraud, the following warning is shown to users: "This app can add unauthorized charges to your mobile bill by registering for recurring charges."

Click fraud: An app that clicks on ads or generates them without the user's knowledge to obtain click credits. When Google Play Protect detects click fraud, the following warning is shown to users: "This app tries to use your device to commit advertising fraud."

Commercial spyware: An app that smuggles personal information off the device without the user's knowledge or permission. This usually happens without adequate notice or consent. When Google Play Protect detects commercial spyware, the following warning is shown to users: "This app can spy on you by monitoring your location or your activity on this device."

Denial of service (DoS): A DoS attack is usually one in which a large number of fake requests are sent to a specific server, overloading it with traffic so that it can no longer respond to real requests submitted by real users. When Google Play Protect detects a DoS app, the following warning is shown to users: "This app tries to attack other mobile and computer systems."

Hostile downloaders: These apps are not harmful themselves but might be a source for downloading harmful apps. When Google Play Protect detects a hostile downloader, the following warning is shown to users: "This app can install potentially harmful apps without your permission."

Non-Android threat: Apps that cannot cause harm to Android devices but might be a threat to non-Android devices. When Google Play Protect detects a non-Android threat, the following warning is shown to users: "This app can harm non-Android devices."

Phishing: These apps pretend to come from a trusted source and ask the user to enter personal and billing information. After gathering the information, the app sends it to a third party. When Google Play Protect detects a phishing app, the following warning is shown to users: "This app is fake. It can steal your personal data, such as banking info and passwords."

Privilege Escalation: Each device has a sandbox that ensures the security of the device. Some apps try to gain privileges by disrupting how it functions. When Google Play Protect detects a privilege escalation app, the following warning is shown to users: "This app tries to bypass Android's security protections."

Ransomware: Some apps take control of the user's device or the data stored on it. Using this data and control over the device, the app threatens the user. When Google Play Protect detects ransomware, the following warning is shown to users: "This app can disable your device or threaten to reveal personal information unless you pay money."

Rooting: Rooting an Android device is an option that users have and can carry out themselves, but some apps might root the device without the owner's permission. If Google Play Protect detects an app that might root the device without the user's consent, the following warning is shown to users: "This app tries to bypass Android's security protections."

Spam: Such an app uses the device to send spam messages to the contacts saved on that device. When Google Play Protect detects spam, the following warning is shown to users: "This app can spam other people with unauthorized messages."

Spyware: Spyware apps are those that transmit personal data without the user's agreement. When Google Play Protect detects spyware, the following warning is shown to users: "This app tries to spy on your personal data, such as SMS messages, photos, audio recordings, or call history."

Trojan: An app that claims to be normal but inherently performs actions against users. When Google Play Protect detects a trojan, the following warning is shown to users: "This app is fake. It tries to take over your device or steal your data."

Data collection: Such apps collect personal information, such as the list of apps installed on the device, and transmit it. When Google Play Protect detects data collection, the following warning is shown to users: "This app can collect data that could be used to track you."

Impersonation: Such apps pretend to be another app, usually by copying it, and deceive users into performing actions that they intended to perform in the real app. When Google Play Protect detects impersonation, the following warning is shown to users: "This app looks like another app and can trick you into exposing personal data, misusing your device, or installing other apps."

Disruptive ads: These apps contain advertisements which are shown abruptly usually causing users inconvenience. When Google Play Protect detects disruptive ads, the following warning is shown to users: “This app may display ads with unexpected behaviours (e.g., outside of the app environment, cannot be easily dismissed, or interfering with device functionality).”

 

Uncommon: Apps that are published recently or used rarely might be considered potentially harmful. When Google Play Protect detects an uncommon app, the following warning is shown to the user: “Play Protect doesn't recognize this app's developer. Apps from unknown developers can sometimes be unsafe.”

 

An example of the shown error

 

Most important reasons:

Sign: After developing an application, you need to sign it before publication. After signing an application, you will have a private key at your disposal for changes in later versions of your app. This key is extremely important to Google, since it is used as a tool for evaluating the validity of the app developer. If essential information is not filled in correctly when defining or creating a new signing key, Google will not recognize the developer and, as a result, will prevent installation. Please fill in the fields according to the following picture:

 

Permissions: Every application has different permissions according to its functionality. Some permissions are considered sensitive because, by holding them, the application can access user information. For better security, the functionality behind these permissions is mostly implemented with intents. Intents have the advantage of informing the user of what is going on and letting the user supervise it. Applications that use such permissions when they could have used an intent instead might be considered potentially harmful apps by Google.

 

Sensitive Permissions Table

| Permissions | Permission Group |
| --- | --- |
| READ_CALENDAR, WRITE_CALENDAR | CALENDAR |
| READ_CALL_LOG, WRITE_CALL_LOG, PROCESS_OUTGOING_CALLS | CALL_LOG |
| CAMERA | CAMERA |
| READ_CONTACTS, WRITE_CONTACTS, GET_ACCOUNTS | CONTACTS |
| ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION | LOCATION |
| RECORD_AUDIO | MICROPHONE |
| READ_PHONE_STATE, READ_PHONE_NUMBERS, CALL_PHONE, ANSWER_PHONE_CALLS, ADD_VOICEMAIL, USE_SIP | PHONE |
| BODY_SENSORS | SENSORS |
| SEND_SMS, RECEIVE_SMS, READ_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS | SMS |
| READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE | STORAGE |

TargetSDKVersion: This number shows the target version of Android for which you developed the application. Applications developed for earlier versions of Android might be considered potentially harmful, and as a result users encounter the Play Protect error when installing an application whose targetSdkVersion is less than 26.
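A developer-side check for the two points above (sensitive permissions from the table and a targetSdkVersion below 26), run before distributing a build. This is an added example, not code from the original page or from Google, and it does not reproduce Play Protect's own logic. It assumes the app's merged AndroidManifest.xml is available as plain-text XML; `audit_manifest` and the sample manifest are hypothetical names and constructed data.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
MIN_TARGET_SDK = 26  # threshold stated on this page
PREFIXES = ("android.permission.", "com.android.voicemail.permission.")

# Permission groups copied from the sensitive permissions table on this page.
SENSITIVE = {
    "CALENDAR": ["READ_CALENDAR", "WRITE_CALENDAR"],
    "CALL_LOG": ["READ_CALL_LOG", "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS"],
    "CAMERA": ["CAMERA"],
    "CONTACTS": ["READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"],
    "LOCATION": ["ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"],
    "MICROPHONE": ["RECORD_AUDIO"],
    "PHONE": ["READ_PHONE_STATE", "READ_PHONE_NUMBERS", "CALL_PHONE",
              "ANSWER_PHONE_CALLS", "ADD_VOICEMAIL", "USE_SIP"],
    "SENSORS": ["BODY_SENSORS"],
    "SMS": ["SEND_SMS", "RECEIVE_SMS", "READ_SMS", "RECEIVE_WAP_PUSH", "RECEIVE_MMS"],
    "STORAGE": ["READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"],
}
GROUP_OF = {p: g for g, perms in SENSITIVE.items() for p in perms}

# Constructed sample manifest (not taken from a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="23"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

def audit_manifest(manifest_xml):
    """Return (sensitive permissions by group, targetSdkVersion, findings)."""
    root = ET.fromstring(manifest_xml)
    by_group = {}
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        short = name.rsplit(".", 1)[-1]
        if short in GROUP_OF and name.startswith(PREFIXES):
            by_group.setdefault(GROUP_OF[short], []).append(short)
    sdk = root.find("uses-sdk")
    raw = sdk.get(ANDROID_NS + "targetSdkVersion") if sdk is not None else None
    target = int(raw) if raw and raw.isdigit() else None
    findings = [f"{g}: {', '.join(sorted(set(p)))}" for g, p in sorted(by_group.items())]
    if target is None:
        findings.append("targetSdkVersion not declared in manifest")
    elif target < MIN_TARGET_SDK:
        findings.append(f"targetSdkVersion {target} is below {MIN_TARGET_SDK}")
    return by_group, target, findings
```

Each finding is a prompt to review whether the permission is really needed or whether an intent would do, not a verdict that the app will be blocked.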

Blocked By Play Protect Appeal submission tutorial:

To fix this problem, Google has published a form. Please fill in the form according to the following picture. You can access the form from this link:

 

 

The link for downloading your application is really important when filling in this form. The link submitted here should be complete, containing all symbols and characters. This link should be accessible from the United States of America and Germany. After filling in this form and successfully submitting it, you will receive an email such as this:

 

After appeal submission, your request will be checked in a week or so. Please note that whether Google accepts your request or rejects it, you won't receive any notification.