Security Risks Rise as Google Play Tightens Restrictions on Unlicensed Cryptocurrency Exchange Apps

Google has announced that, starting January 28, 2026, it will completely block the distribution of overseas cryptocurrency exchange apps on Google Play if they are not licensed by Korean financial authorities.

※Google Play (2026). Preview: Blockchain-based Content 
Source: https://support.google.com/googleplay/android-developer/answer/16302285?sjid=8888255779410190101-NC

 

Figure 1. Google Play Console Policy Center

 

According to Google’s updated policy for cryptocurrency exchanges and software wallets, developers of virtual asset applications must submit a registration report to Korea Financial Intelligence Unit (FIU). Apps that fail to meet this requirement will no longer be allowed on the Play Store.

※Google Play. (2026). Understanding Google Play’s Cryptocurrency Exchanges and Software Wallets Policy. 
Source: https://support.google.com/googleplay/android-developer/answer/16329703?hl=en

 

Figure 2. Google Play Cryptocurrency Exchange Policy in South Korea

 

As of January 14, 2026, the FIU lists 27 registered virtual asset service providers (VASPs), including major exchanges such as Upbit, Korbit, Coinone, and Bithumb.

※ Korea Financial Intelligence Unit (2026). VASP Registration Status (as of 2026 Jan, 14) 
Source: https://www.kofiu.go.kr/kor/notification/notice_view.do

 

Service	Corporate Name (Legal Entity)
Upbit	Dunamu Inc.
Korbit	Korbit Co., Ltd.
Coinone	Coinone Co., Ltd.
Bithumb	Bithumb Co., Ltd.
Flybit	Korea Digital Exchange Co., Ltd.
GOPAX	Streami Inc.
BTX	Childly Co., Ltd.
FOBL	Foblgate Co., Ltd.
CoreDAX	CoreDAX Inc.
BBLOCK	Greybridge Co., Ltd.
OK-BIT	Foristocks Korea Limited
BITCMON	Golden Futures Co., Ltd.
Prabang	Prabang Co., Ltd.
Borabit	Borabit Co., Ltd.
KODA	Korea Digital Asset Co., Ltd.
KDAC	Korea Digital Asset Custody Co., Ltd.
Oh! Wallet	WalletOne Co., Ltd.
Hyperithm	Hyperithm LLC
Oasis Exchange	Guardian Holdings Inc.
Custella	Mindshift Co., Ltd.
Infinite Block	Infinite Block Co., Ltd.
DSRV Labs	DSRV Labs Inc.
BDACS	VDAC Co., Ltd.
INEX	Infinity Exchange Korea Co., Ltd.
Wavbridge Prime	Wavbridge Co., Ltd.
Bauman	Happy Block Co., Ltd.
Robit	Blosafe Co., Ltd.

Table 1. Registered Virtual Asset Service Providers (VASP)

 

Due to this policy change, Korean users are expected to lose access to popular overseas exchange apps such as Binance and Bybit. These platforms face significant hurdles—such as obtaining ISMS certification and securing real‑name bank accounts—making compliance in the short term unlikely.

 

This move follows the Korean government’s March 2025 action that blocked domestic access to 17 unregistered foreign exchanges such as MEXC. Under the new Google Play policy, any exchange not registered with the FIU will be fully restricted: new users will be unable to access the apps starting January 28, and existing users will no longer receive updates.

 

However, this creates notable cybersecurity concerns. Users who continue running outdated app versions may be exposed to vulnerabilities due to missing security patches. Additionally, threat actors may exploit the situation by distributing malicious apps impersonating legitimate exchanges, claiming to offer updates or “official installation files” to steal personal information and wallet credentials.

 

Such counterfeit apps have been observed in the past, and experts warn that this policy shift may trigger a surge in smishing attacks and malicious app distribution campaigns targeting cryptocurrency users.

 

Figure 3. Malicious Apps Impersonating Cryptocurrency Exchanges

 

Cryptocurrency investors who use exchange apps should always verify the official list of registered Virtual Asset Service Providers (VASPs) published by the Korea Financial Intelligence Unit (FIU). Users must be cautious of attacks that attempt to lure them into installing or using unauthorized exchanges by falsely claiming they are legitimate.