Don’t trust the reviews and ratings on Google Play

Vitus White
Last updated: 13 October

Sometimes Android users have to download murky apps from Google Play. By “murky” we mean unfamiliar apps, apps from small publishers, and so forth — not the likes of Evernote, Dropbox, banking apps, or other popular programs. It might be a specialized engineering calculator, for example, or an alternative music player.

Many such apps exist in the Google Play store — thousands of them, in fact. And choosing isn’t easy. Seasoned Android users recommend going with the apps that have been downloaded the most times, the highest-rated apps, or the apps reviewed by the most people.

It seems to make perfect sense: The odds are good that an app downloaded by a lot of people is convenient and useful. And a higher rating means that users liked the app. Lots of reviews should also mean the program is popular. Together, these three criteria represent something like karma for the app.

That doesn’t mean an app with few downloads and ratings is necessarily bad; it could be that the app is new and the community hasn’t had a chance to weigh in yet. But the number of downloads and reviews, plus the rating, is generally considered a viable formula for prejudging an app. After all, reviews and ratings were designed to make the system work.

Do you trust the ratings and reviews that you see on app stores? #iTunes #play #amazon

— Kaspersky Lab (@kaspersky) September 1, 2016

However, the matter is not that simple: Android Trojans can silently download apps to users’ smartphones, write fake reviews, and artificially boost ratings.

The key tool for all of that is the rootkit Trojan, one of the most prolific types of mobile malware. These Trojans usually come bundled with popular apps from third-party app stores. They can also infiltrate a smartphone by means of SMS spam or malicious ads on websites.

Nexus #Android devices vulnerable to rooting application, permanent compromise: https://t.co/WJ7CUzql9A pic.twitter.com/xog2R71gSj

— Kaspersky Lab (@kaspersky) March 23, 2016

Rootkits get their name from their ability to “root” a system (i.e., to get system-level access privileges) and thus gain total control over the targeted device. They can send SMS, download other apps, and do a number of other things without the user’s consent or knowledge. In some cases, rootkits use Google Play to do their bidding.

For example, Guerilla, a Trojan distributed by the Leech rootkit, attempts to steal user credentials from Google Play. Then it uses the store’s API, masquerading as a client, and downloads, rates, and reviews apps on behalf of the user.

This presents an opportunity for cybercriminals, who can make infected smartphones buy useless apps. They may also pursue another business model: selling “boost-your-rating” services to developers or, on the flip side, downgrading an app to benefit its competitors.

Reviews are a bit more complicated: Identical reviews would look fishy, and the language needs to seem natural. But fake yet plausible reviews are not at all unusual: “Great app, works for me!” or “Everything is alright, just add language support,” and so forth.

#Banking Trojan sneaks into Play Store… https://t.co/GkMwSiFwuZ pic.twitter.com/wXHgLCmozS

— Kaspersky Lab (@kaspersky) May 17, 2016

The perpetrators can generate a database of typical reviews and use Trojans to pick and post reviews randomly, eventually making them look quite natural.

It boils down to this: You should not blindly trust Google Play reviews and ratings. But what, then? How should you choose an app?

Here are some tips:

1. Try to stick to apps made by known and trusted developers. Look for a blue diamond sign, which indicates a “top developer” as determined by the Google Play team. Of course, not all good developers have this diamond, but nonetheless, a good developer’s name should be reasonably well known: Look it up on the Internet.

2. Read the reviews. Yes, despite opportunities for mischief, if an app is worthy, it will have some detailed reviews, not just one-liners like “All is working, good job.” Such longish reviews are indispensable when you need to get an initial impression.

3. Install a security solution on your Android device. The probability of downloading a malicious app from Google Play is quite low, but such apps are actively distributed using SMS and malicious ads. A security solution will spare you from becoming a puppet of cybercriminals and posting fake reviews without even knowing it.


Source: kaspersky.com

TAGGED: Google Play, Malware, Rootkit, RTF, Security, Split tunneling, Threats
Vitus White October 13, 2022 September 30, 2019