
So the second attempt sat there for almost a week
Within days, the Check Point research team detected another instance with a different package name, but which used the same code. Check Point notified Google on 10 September and the app containing the malware was removed from Play on 15 September.
I realise that someone has to make sure this isn't just the developer of a competing app trying to cheat the system, but five days seems a very long time for a company with Google's resources.