More than 275,000 apps hosted in its server, Google has pressured developers in order to patch security updates over the past 2 years. Blocking future updates to the insecure app was the kind of threat that Google used in many cases. As part of its ASI (App Security Improvement) program, the company has been scanning apps for known vulnerability since 2014. The developers were alerted via Google Play Developer Console and email whenever a known security risk is found. Initially,this program was only searching for the most common issue at that time inserted AWS (Amazon Web Service) credentials. Cloud servers can be seriously compromised with the unprotected AWS credentials. The program was eventually updated to scan for Keystore files. Generally, both public and private cryptographic keys are contained in files like these. Cryptographic keys are used to encrypt and decrypt files and secure connection.
Prior to 2015,when Google expanded the types of issues, it scanned and enforce deadlines for the same to be fixed developers were not in a hurry to fix issues even though they were notified. A detailed description of the flaw and a guide of how to fix them was been provided by the company. Failing to fix the issue in the time frame provided by Google any further updated will be blocked by the company for the app.