{"id":5556,"date":"2016-09-01T05:21:50","date_gmt":"2016-09-01T09:21:50","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5556"},"modified":"2019-11-15T15:24:06","modified_gmt":"2019-11-15T11:24:06","slug":"dont-believe-google-play-ratings","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/dont-believe-google-play-ratings\/5556\/","title":{"rendered":"Don&#8217;t trust the reviews and ratings on Google Play"},"content":{"rendered":"<p>Sometimes Android users have to download murky apps from Google Play. By \u201cmurky\u201d we mean unfamiliar apps, apps from small publishers, and so forth \u2014 not the likes of Evernote, Dropbox, banking apps, or other popular programs. It might be a specialized engineering calculator, for example, or an alternative music player.<\/p>\n<p>Many such apps exist in the Google Play store \u2014 thousands of them, in fact. And choosing isn\u2019t easy. Seasoned Android users recommend going with the apps that have been downloaded the most times, the highest-rated apps, or the apps reviewed by the most people.<\/p>\n<p>It seems to make perfect sense: The odds are good that an app downloaded by a lot of people is convenient and useful. And a higher rating means that users liked the app. Lots of reviews should also mean the program is popular. Together, these three criteria represent something like karma for the app.<\/p>\n<p>That doesn\u2019t mean an app with few downloads and ratings is necessarily bad; it could be that the app is new and the community hasn\u2019t had a chance to weigh in yet. But the number of downloads and reviews, together with the rating, is generally considered a viable formula for prejudging an app. After all, reviews and ratings were designed to make the system work.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Do you trust the ratings and reviews that you see on app stores? 
<a href=\"https:\/\/twitter.com\/hashtag\/iTunes?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#iTunes<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/play?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#play<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/amazon?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#amazon<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/771336089206415364?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 1, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>However, the matter\u00a0<a href=\"https:\/\/securelist.com\/blog\/research\/75894\/how-trojans-manipulate-google-play\/\" target=\"_blank\" rel=\"noopener noreferrer\">is not that simple<\/a>: Android Trojans can silently download apps to users\u2019 smartphones, write fake reviews, and artificially boost ratings.<\/p>\n<p>The key tools for all of that are rootkit Trojans, one of the most prolific types of mobile malware. These Trojans usually come bundled with popular apps from third-party app stores. 
They can also infiltrate a smartphone by means of SMS spam or malicious ads on websites.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Nexus <a href=\"https:\/\/twitter.com\/hashtag\/Android?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Android<\/a> devices vulnerable to rooting application, permanent compromise: <a href=\"https:\/\/t.co\/WJ7CUzql9A\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/WJ7CUzql9A<\/a> <a href=\"https:\/\/t.co\/xog2R71gSj\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/xog2R71gSj<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/712634908636741637?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 23, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Rootkits get their name from their ability to \u201croot\u201d a system (i.e., to get system-level access privileges) and thus gain total control over the targeted device. They can send SMS messages, download other apps, and do a number of other things without the user\u2019s consent or knowledge. In some cases, rootkits use Google Play to do their bidding.<\/p>\n<p>For example,\u00a0<a href=\"https:\/\/securelist.com\/blog\/research\/75894\/how-trojans-manipulate-google-play\/\" target=\"_blank\" rel=\"noopener noreferrer\">Guerilla<\/a>, a Trojan distributed by the Leech rootkit, attempts to steal user credentials from Google Play. Then it uses the store\u2019s API, masquerading as a client, and downloads, rates, and reviews apps on behalf of the user.<\/p>\n<p>This presents an opportunity for cybercriminals, who can make infected smartphones buy useless apps. 
They may also pursue another business model, selling \u201cboost-your-rating\u201d services to developers \u2014 or the flip side, downgrading an app to benefit its competitors.<\/p>\n<p>Reviews are a bit more complicated: Identical reviews would look fishy, and the language needs to seem natural. But fake yet plausible reviews are not at all unusual: \u201cGreat app, works for me!\u201d or \u201cEverything is alright, just add language support,\u201d and so forth.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Banking?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Banking<\/a> Trojan sneaks into Play Store\u2026 <a href=\"https:\/\/t.co\/GkMwSiFwuZ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/GkMwSiFwuZ<\/a> <a href=\"https:\/\/t.co\/wXHgLCmozS\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/wXHgLCmozS<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/732648602217160704?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 17, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The perpetrators can generate a database of typical reviews and use Trojans to pick and post reviews randomly, eventually making them look quite natural.<\/p>\n<p>It boils down to this: You should not blindly trust Google Play reviews and ratings. But what, then? How should you choose an app?<\/p>\n<p>Here are some tips:<\/p>\n<p>1. Try to stick to apps made by known and trusted developers. Look for a\u00a0<a href=\"https:\/\/developer.android.com\/distribute\/googleplay\/about.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">blue diamond sign<\/a>, which indicates a \u201ctop developer\u201d as determined by the Google Play team. 
Of course, not all good developers have this diamond, but nonetheless, a good developer\u2019s name should be reasonably well known: Look it up on the Internet.<\/p>\n<p>2. Read the reviews. Yes, despite opportunities for mischief, if an app is worthy, it will have some detailed reviews, not just one-liners like \u201cAll is working, good job.\u201d Such longish reviews are indispensable when you need to get an initial impression.<\/p>\n<p>3. Install a security solution on your Android device. The probability of downloading a malicious app from Google Play is quite low, but such apps are actively distributed using SMS and malicious ads. A security solution will spare you from becoming a puppet of cybercriminals and posting fake reviews without even knowing it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes Android users have to download murky apps from Google Play. By \u201cmurky\u201d we mean unfamiliar apps, apps from small publishers, and so forth \u2014 not the likes of Evernote,<\/p>\n","protected":false},"author":696,"featured_media":5557,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486],"tags":[105,109,1222,183,1223,521,692],"class_list":{"0":"post-5556","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-apps","10":"tag-comments","11":"tag-google-play","12":"tag-ratings","13":"tag-threats","14":"tag-trojans"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/dont-believe-google-play-ratings\/5556\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/dont-believe-google-play-ratings\/3921\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/dont-believe-google-play-ratings\/7594\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/dont-believe-google-play-ratings\/7619\/"},{"hreflang":"e
s-mx","url":"https:\/\/latam.kaspersky.com\/blog\/dont-believe-google-play-ratings\/7612\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/dont-believe-google-play-ratings\/9014\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/dont-believe-google-play-ratings\/8881\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/dont-believe-google-play-ratings\/12907\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/dont-believe-google-play-ratings\/2393\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/dont-believe-google-play-ratings\/12882\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/dont-believe-google-play-ratings\/6027\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/dont-believe-google-play-ratings\/6533\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/dont-believe-google-play-ratings\/5331\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/dont-believe-google-play-ratings\/8571\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/dont-believe-google-play-ratings\/12432\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/dont-believe-google-play-ratings\/12907\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/dont-believe-google-play-ratings\/12882\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/dont-believe-google-play-ratings\/12882\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:
\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5556"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5556\/revisions"}],"predecessor-version":[{"id":14852,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5556\/revisions\/14852"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5557"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}