Security researchers over at ESET are warning users about an app on Google Play that uses trickery to force users into leaving high ratings, promising that doing so will unlock its full range of features.
The app in question, in which an aggressive ad-displaying trojan was detected, masquerades as a tool for downloading content from YouTube and has been downloaded more than 5,000 times.
Detected as "Android/Hiddad.BZ," the app begs for high ratings through 'nag' screens. It bombards the user with ads and promises to remove them if the user gives it a 5-star rating on the Google Play Store.
Hiddad was found on Google Play in seven versions, each named as a slightly modified variation of "Tube.mate" and "Snaptube." Once installed, all of them appear as "Music Mania" in the user's app list.
When the app is launched, a fake system screen appears, prompting the user to install a "plugin." The screen is displayed as an overlay, so the user is forced to go through the process. Clicking the install button installs an ad-displaying payload. The alleged plug-in then asks for device administrator rights, a request that cannot be canceled.
Once these rights are granted, the app immediately shows a screen full of ads and asks to be rated 5 stars on Google Play in order to get rid of all the advertisements. If the user refuses, they are served even more aggressive ads, aimed at provoking the user.
To take control of the situation, a user can remove the app's device administrator rights in the Settings app. Only then can they proceed to manually uninstall all the rogue apps installed on the host device.
While this concerns only one app, ESET notes that there has been a rise in apps that demand a high rating to unlock their full content. Take an app called "Subway Sonic Surf Jump," for example: while it is full of 5-star ratings, the reviews say that users were forced to give it such a high rating, while the promised content remains inaccessible.
"Such incentives for rating are, however, inherently false promises, as there is no way for developers to connect users to specific reviews and thus no way to 'reward' the ones that leave five stars," writes Lukas Stefanko of ESET. "On top of that, reward or no reward, apps that promise users anything in exchange for high ratings are against the Google Play Developer Policy."
Given the rise of apps such as these, it pays to be very meticulous about the software we download and install on our devices. Seeing the numerical rating isn't enough these days, as cyber-tricksters have created ways to bypass this system. Reading through users' reviews can help, as this might provide a clearer idea of how the app really functions.