Huawei Blocks 49M Malicious Apps in 2025

Huawei has released its 2025 Annual Security and Privacy Governance Report for the Huawei App Market. The report reveals that the platform successfully prevented 49.28 million malicious application installations throughout the year.

This massive figure underscores the intense cyber threats facing mobile ecosystems today. It also highlights Huawei's aggressive stance on maintaining a secure environment for its HarmonyOS users globally.

Key Facts from the 2025 Report

The data provides a comprehensive look at Huawei's rigorous screening processes. Here are the critical takeaways from the annual review:

• Total Applications Reviewed: 1.39 million app submissions were processed during the year.
• Strict Approval Rate: Only 64.4% of submitted apps passed the initial security and privacy checks.
• High Rejection Volume: Approximately 498,000 applications were rejected due to policy violations or security risks.
• Post-Launch Monitoring: The team conducted re-tests on 550,000 existing applications to ensure ongoing compliance.
• Active Takedowns: A total of 60,000 non-compliant apps were removed from the store after publication.
• Developer Bans: Huawei permanently banned 1,828 developer accounts involved in malicious activities.

Aggressive Pre-Installation Screening

Huawei's security infrastructure operates on multiple layers to protect user devices. The most significant metric is the prevention of nearly 50 million malicious installations. This number represents attempts by users to download harmful software that was stopped before it could execute.

The platform employs advanced AI-driven detection systems. These systems analyze code behavior, permission requests, and network activity patterns. Unlike traditional antivirus tools that scan after installation, Huawei's system intercepts threats during the download phase.

This proactive approach is critical for HarmonyOS, which powers a growing ecosystem of smartphones, tablets, and smart home devices. By blocking threats early, Huawei reduces the risk of data breaches and financial loss for its user base.

The high rejection rate of 35.6% indicates that many developers either lack proper security hygiene or intentionally attempt to bypass safety protocols. Huawei's strict enforcement ensures that only compliant apps reach the end-user.

Case Study: Fraudulent App Interception

One notable incident occurred in August 2025 involving an app named "XX Query Assistant." During the standard review process, the system triggered a warning based on anomalous behavior patterns.

Deep analysis revealed that the app utilized processes and foreground services to maintain persistent activity. It also accessed the clipboard without user consent. These behaviors are typical of spyware but unusual for a legitimate query tool.

Human reviewers confirmed the findings and classified the app as a scam. The application was blocked before it could be listed on the store. This case demonstrates the effectiveness of combining automated AI detection with human oversight.

Such fraud attempts often target sensitive personal information. By identifying these apps early, Huawei prevents potential identity theft and financial fraud. This multi-layered verification process is essential for maintaining trust in the digital marketplace.

Combating Impersonation During Tax Season

Another major threat vector involves impersonation attacks. In March 2025, coinciding with the annual tax filing period, Huawei detected multiple fake versions of the official "Individual Income Tax" application.

These counterfeit apps exploited users' urgency to file taxes. They were designed to steal sensitive financial data and login credentials. The attackers relied on visual similarities to trick unsuspecting users.

Huawei deployed its AI infringement detection technology to identify these clones. The system analyzed UI elements, code signatures, and metadata to flag suspicious submissions.

As a result, 38 fake tax applications were intercepted and blocked. This rapid response protected millions of users from potential financial loss. It also highlights the seasonal nature of cyberattacks targeting specific user behaviors.

Industry Context and Global Standards

Huawei's security metrics align with global trends in mobile app governance. Major platforms like Apple's App Store and Google Play have also tightened their security protocols in recent years.

However, Huawei's rejection rate of nearly 50% is significantly higher than industry averages. For comparison, Western platforms typically see rejection rates between 10% and 20%. This suggests Huawei applies more stringent criteria for privacy and behavioral compliance.

The rise of AI-generated malware has made manual review insufficient. Automated systems must now detect subtle obfuscation techniques used by bad actors. Huawei's investment in AI-driven security places it at the forefront of this technological arms race.

For Western developers, understanding these standards is crucial. As HarmonyOS expands globally, complying with these rigorous guidelines will be necessary for market access. Ignoring these protocols could lead to immediate bans and reputational damage.

What This Means for Developers

Developers must prioritize security and privacy from the start of the development cycle. Retroactive fixes are no longer sufficient for passing Huawei's review process.

Key actions for developers include:

• Conducting thorough internal security audits before submission.
• Ensuring all permission requests have clear, justified purposes.
• Avoiding any background processes that mimic malicious behavior.
• Regularly updating apps to address newly identified vulnerabilities.
• Studying Huawei's specific guidelines for HarmonyOS compatibility.

Failure to adhere to these standards results in wasted time and resources. With over 498,000 rejections last year, the cost of non-compliance is high. Proactive adherence to security best practices is the most efficient path to approval.

Looking Ahead: Future Security Trends

The landscape of mobile security will continue to evolve rapidly. As AI tools become more accessible to criminals, defensive measures must also advance.

Huawei is likely to integrate more sophisticated machine learning models into its review pipeline. These models will predict potential threats based on emerging attack vectors. We can expect even stricter controls on data collection and user tracking.

For the broader industry, this report serves as a benchmark. It demonstrates that large-scale automated security is feasible and effective. Other platforms may adopt similar strategies to combat the rising tide of mobile malware.

Users should remain vigilant despite these protections. No system is perfect, and social engineering attacks continue to pose risks. Education and awareness remain key components of digital safety.

Gogo's Take

• 🔥 Why This Matters: This report proves that automated AI security can scale to block tens of millions of threats. It shifts the burden of safety from the user to the platform, setting a new standard for app stores worldwide.
• ⚠️ Limitations & Risks: The high rejection rate may inadvertently block legitimate niche apps that use complex permissions. Over-reliance on AI detection could also lead to false positives, stifling innovation for smaller developers who lack resources for deep security audits.
• 💡 Actionable Advice: If you are developing for HarmonyOS, treat security as a core feature, not an afterthought. Audit your app's background processes and clipboard access immediately. For users, always verify the developer name and check the 'Security' tab in the app details before installing.