- Feb 4, 2016
- 2,520
Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers
It seems that tricksters on Google Play have found another way to make their deceptive apps appear more trustworthy to users – that is, at least at first sight.
The trick takes advantage of the fact that apart from the app icon and name, there is one more element the user sees when browsing apps – the developer name, displayed just below the app name. And since unknown developer names are no use for popularity-boosting purposes anyway, some app authors have been setting fictitious, high numbers of installs as their developer names, in an effort to look like established developers with vast userbases.
We have discovered hundreds of apps using this and similar tricks to deceive users. The apps we’ve analyzed were either misleading users about their functionality or had no functionality at all, yet most display many advertisements.
How to stay safe
The tricks described in this article are simple, yet potentially effective, ways to mislead users, particularly those who choose apps based on popularity. While none of these apps were outright malicious, these techniques could easily be misused by malware authors in the future. Fortunately, the tricks are also simple to spot, if you know what to focus on:
- Make sure to only take the number of installations for each app from the app’s Google Play page, as this is the official number. This will be visible in the “Additional Information” section at the bottom of the page.
- Keep in mind that Google Play does not have a “Verified” badge signifying the legitimacy of apps. It does have the “Editor’s Choice” category, marked by the Editor’s Choice badge in the top right corner of the app’s Google Play page.
- Make sure you read user reviews before downloading any app.
- If an app only has a small number of real installs, and/or was only released within the last few days, leave it for others to be the guinea pigs no matter how much you think you want it.