Windows 10 News and info | Forum
Author Topic: New Google Warning: 280M+ Android Users At Risk As China Manipulates Play Store  (Read 52 times)
javajolt
« on: October 02, 2019, 09:33:43 PM »

Stories about China and the VPN market usually focus on the use of these virtual private networks to access news sites and social media when caught behind the country’s infamous “Great Firewall.” But now there’s a twist, with new research finding that “the top 10 Google Play search results for ‘vpn’ are dominated by [Chinese] apps participating in potentially fraudulent manipulation practices.” And those apps have secured more than 280 million installs between them.

VPNs redirect internet traffic through remote servers, hiding user locations and IP addresses, encrypting information sent and received. And so this new research from the team at VPNPro is worrying on two counts. First, Google’s system appears to be easily gamed. There are no sophisticated tactics at work here—the researchers claim that basic ruses make all the difference. And, second, users might inadvertently install VPNs they believe to be popular and safe, when in fact if data is logged, if that data can be linked to the individual using the app, then the purpose of the VPN is undermined.

In short, the team claims to have “uncovered what appears to be a large scale operation by Chinese VPN service providers to manipulate Google Play store results—leading to millions of people using potentially unsafe VPNs.” The team has concluded that the blatant manipulation of Google Play together with the “obligation” Chinese tech companies have “to hand data to the government when requested,” “could indicate a much more serious issue beyond algorithm manipulation.”

The VPNPro team found that “seven out of the top ten apps,” found to be manipulating the Google Play system, “are either based in Hong Kong, have Chinese directors, or are located in China.”

Commenting on the research, VPNPro security researcher Jan Youngren warned that “at best we’ve uncovered companies using underhand, unethical tactics to mislead consumers and make millions. At worst, there’s a much more sinister strategy at play to monitor and obtain the data of millions of people who have cause to use a VPN to stay safe and private—Often these people live in countries where it is dangerous to publicly express their views, or work in fields such as investigative journalism and human rights... an unsafe VPN can be a matter of life or death.”

Based on extensive analysis carried out by the team earlier this year, the Google Play ranking algorithm “allows black hat tactics to improve rankings for such a popular keyword [as ‘vpn’], Google has previously vowed to clamp down on app manipulation tactics, but this research shows that it still has a long way to go.” Although “rankings in Google Play are very volatile,” a VPNPro researcher explained, “we haven’t noted any big changes to the rankings which would indicate the algorithm has changed.”

What this means in practice is that the VPN services that are most popular in the real world, outside Google Play, the likes of ExpressVPN, CyberGhost and NordVPN, ranked badly within the store. No surprises in how all this has been achieved—fake reviews, misrepresented backlinks and keyword stuffing.

VPNPro “analyzed more than 150,000 reviews to understand how these unpopular VPN apps are able to rank so highly on Google Play,” finding that fake reviews “have significantly fewer words per review... are less unique... and have a higher percentage of reviewers whose names are hidden... and a higher percentage of reviews starting with lowercase letters.” Again no real surprises, this is what you find with bot-driven, machined or production-line reviews.

While less obviously a driver of high rankings, the research team also discovered that those same VPNs had “multiple suspicious backlinks from unrelated websites or articles, unmoderated comments, and pingbacks or trackbacks.” As with the reviews, nothing seemed especially well-hidden or difficult to find.

And this raises a serious question: why can such obvious tactics so easily manipulate the ranking system? “What’s more surprising isn’t that fraudulent backlinks still work to increase rankings. It’s that the ‘spammiest’ fraudulent backlinks seem to perform well in manipulating Google Play’s ranking algorithm. This is a disappointing departure from Google’s well-kept and fear-inducing web search algorithm.”

And then there’s keyword stuffing, again nothing especially clever, just a brute force attack on the essence of the app store itself. “The better-ranked VPN apps have between 1-3 ‘vpn’ keywords in their title, up to five non-brand keywords in their app ID, and a high frequency of ‘vpn’ in their app descriptions.” One of those descriptions mentioned the word ‘vpn’ a staggering 48 times. This is clearly not difficult to spot.

Google’s Play Store has come in for serious criticism in recent months, with multiple warnings about malware-laced apps, subscription scams and unwarranted requests for device permissions and access to user data. These latest findings show there are issues across the store, vulnerabilities exploited by bad actors for commercial or criminal gain. As VPNPro puts it, “it is becoming increasingly difficult to manipulate Google’s search algorithm—the same doesn’t seem to apply to the Google Play store.”

The team costed the price to developers of buying the reviews and backlinks they needed to enhance the profile of their apps—keyword stuffing comes for free. “With less than $16,000,” they explain, “app developers can gain up to 100,000,000 installs and make that money back in a reasonable amount of time, potentially through subscription fees and ad revenue.”

VPNPro also told me that “our experience has shown that unless a VPN explicitly advertises it is a ‘no-logs VPN’, they are most likely collecting and storing user logs—or possibly worse, such as selling data to third parties. Without further research, we cannot say for certain data logging policies are, or what is done with the data.”

All VPNs are not created equal, the research team warns, “and a lot of security and privacy apps can be vehicles for data harvesting and malware. We take the view that if a company is willing to use manipulative practices to promote their app, the chances are they cut corners in other ways. Users shouldn’t gamble on security and privacy and instead only use apps that have been independently reviewed, preferably from companies that are transparent and have a good track record.”

Sound advice. As is checking the VPNs installed on your devices against the list shared by the researchers and cleaning house as required.

source
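
Added illustration, not part of the original post and not VPNPro's own tooling: a sketch of how the review signals (words per review, uniqueness, hidden names, lowercase starts) and the ‘vpn’ keyword frequency quoted above could be measured for a store listing. The sample reviews, listing text, function names and the "A Google user" hidden-name label are constructed assumptions.

```python
import re

# Constructed sample data (not from the research). "A Google user" is assumed
# to be the label shown when a reviewer's name is hidden.
HIDDEN_NAME = "A Google user"
SUSPECT_REVIEWS = [
    (HIDDEN_NAME, "good app"),
    (HIDDEN_NAME, "good  app"),
    (HIDDEN_NAME, "nice vpn"),
    ("Maria K.", "Connects quickly on hotel Wi-Fi, but the kill switch "
                 "failed once after an update."),
]

def review_signals(reviews):
    """Compute the four review signals the research names, over (name, text) pairs."""
    if not reviews:
        raise ValueError("no reviews to score")
    texts = [text.strip() for _, text in reviews]
    n = len(texts)
    # Collapse case and whitespace so trivially varied copies count as duplicates.
    normalized = {re.sub(r"\s+", " ", t.lower()) for t in texts}
    return {
        "avg_words": sum(len(t.split()) for t in texts) / n,
        "unique_ratio": len(normalized) / n,
        "hidden_name_pct": 100 * sum(name == HIDDEN_NAME for name, _ in reviews) / n,
        "lowercase_start_pct": 100 * sum(t[:1].islower() for t in texts) / n,
    }

def keyword_signals(title, description, keyword="vpn"):
    """Count keyword occurrences (case-insensitive substring) in a store listing."""
    kw = keyword.lower()
    words = description.split()
    in_desc = description.lower().count(kw)
    return {
        "title_hits": title.lower().count(kw),
        "description_hits": in_desc,
        # Hits per 100 words, so long and short descriptions are comparable.
        "description_density": 100 * in_desc / len(words) if words else 0.0,
    }

if __name__ == "__main__":
    print(review_signals(SUSPECT_REVIEWS))
    print(keyword_signals("Free VPN - Fast VPN Proxy & Secure VPN",
                          "Best free vpn. Unlimited VPN proxy, fast vpn, secure VPN."))
```

The numbers are only meaningful relative to a baseline, for example the same signals computed over reviews of apps in the same category.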