Google is on a mission to bridge the gap between Android and iPhone, especially when it comes to their security and privacy. Over the past year, this campaign has reached new heights, with a selection of higher-risk Play Store apps, the promise of live threat detection, and a host of new features launching with Android 15. But the latest update to Google is a surprise and will leave users and their phones at serious risk.

The new clampdown on sideloading has been a key part of this new approach, with Google warning that installing apps from outside the Play Store is responsible for the majority of dangerous malware on the platform and, as a result, making it more difficult to do. Play Protect, Android’s primary defense to prevent known malware from being installed on devices, now works on both the Play Store and other installations.

ForbesGmail stops working ‘suddenly’: New warning when update fails, here’s what to doBy Zak Doffman

However, the problem is that sometimes Play Protect incorrectly marks downloaded apps as high risk when they are not. As such, users disable Play Protect to allow the app on their phone. Since this is the last line of defense protecting your phone, and socially engineered lures can trick users into installing all sorts of dangerous apps, this is definitely not something you should do. It’s worse, because once you disable Play Protect, you may forget to re-enable it, leaving your phone exposed.

As one of Google’s own security executives. warned Just a few weeks ago, “Google and the security community have been warning users for years about the real risks associated with downloading apps directly from the web,” accusing Epic Games of a “dangerous move” when it tried to force Google to open Play. Store. The company has also reported that 95% of “malicious applications” come from side downloads.

But now, as he discovered Android Authority“an APK investigation of version 43.4.23-31 of the Play Store app has revealed that Google is working on a feature that will allow users to temporarily pause Play Protect instead of turning it off completely… When available, the Users will be able to pause Play Protect for a day and the security tool will be activated automatically the next day… The message also warns that “requests to pause or disable Play Protect may be a scam.”

That last point is essential: recognizing the risks of taking this step, as we saw last month with a change. to prevent Play Protect from being disabled during a callto mitigate the risk of a scammer convincing the victim to expose their phone. Instead of this change, Google should make it harder, much harder, to turn off Play Protect, and if necessary, it should do so for a few minutes, not for the rest of the day.

Google can’t really have it both ways: either Play Protect is essential or it isn’t. It’s Google’s default response when new malware appears, telling users to make sure it’s enabled. That protection disappears if it is considered the norm to disable it when an application cannot access it. So how does a user know what is dangerous and what is not?

ForbesMicrosoft upgrade decision: 50 million Windows users must act nowBy Zak Doffman

That’s why I think this latest update, assuming it hits phones as expected, is a big mistake, as it will provide everyday users with settings that look legitimate and normalized, rather than the more drastic step of turning off protection. It’s also a big surprise, given the recent changes in the other direction. It will prompt scammers to convince users to use this to facilitate the installation of malware. It would be much better to hold a firm line on the need to keep Play Protect enabled and further hinder direct installations or the use of unsafe third-party stores.

There are many reasons to introduce competition into app stores, as seen in recent regulatory initiatives. But those stores should be secure, and Play Protect and live threat detection should always be on. If Android really wants to catch up to the iPhone, then it needs to be bolder in what is allowed and what is not.as Samsung has demonstrated with its default maximum restrictions.