The Apple App store and Google Play are both failing to prevent fake and suspicious reviews infiltrating their platforms, a large-scale analysis by Which? has found.
The consumer champion uncovered that as many as a quarter (25%) of apps on the Google Play store out of the top 100 in certain popular categories have suspicious reviews, while in Apple’s App Store this figure reached up to one in six (17%).
The findings suggest that millions of consumers could be unwittingly handing over their personal data or money to apps that have cheated their way to the top of the world’s two most prominent app stores using fake reviews.
The government is expected to introduce reforms to crack down on fake reviews through its Digital Markets, Competition and Consumer Bill. Which? supports these changes which would make it clearly illegal to pay someone to write a fake review or host a review without taking steps to check if it is real, as well as powers to fine firms that flout the rules directly.
Which? initially came across apps using fake five-star reviews after a simple Google search revealed a number of businesses offering review services for app stores. Some even pay Google to appear at the top of the search results as advertised businesses, while selling fake reviews for apps on Google’s own store.
Review broker services for apps offer bulk downloads, reviews or upvotes to help push apps up the rankings. It makes apps seem more reputable if they have been downloaded a large number of times. Meanwhile, upvotes manipulate what app store users see – reviews are automatically sorted by ‘helpful’ or ‘relevance’ so those with more upvotes will appear first, meaning developers can surface positive reviews and bury negative ones.
One fake review broker site, reviewlancer, claims to have sold nearly 53,000 reviews and exchanged more than 130,000 reviews between apps and another, AppSally, offers review manipulation for many platforms and has featured in previous Which? fake review investigations.
Which? also easily found review trading groups on Facebook, where they openly trade on groups with names like ‘Android App ratings and reviews’ or ‘App reviews’. Which? researchers pretended to be developers looking for fake reviews for an app, and were approached by several users offering reviews for as little as £1.70.
Using information gathered from these Facebook groups and through the review broker sites, Which? compiled a list of apps that had evidently used fake reviews and benchmarked these apps against well-known and trusted apps in the same category – comparing the behaviour of reviewers on a dating app to those on legitimate app Tinder, and a smartwatch app to legitimate apps Fitbit, Garmin and MyFitnessPal.
This assessment of more than 18,000 reviews revealed stark differences in review patterns, and a model for estimating the amount of suspicious activity across apps. This model was based on four red flags – higher numbers of positive reviews, review ‘surges’ over a short space of time, reviews that are short in length and high subjectivity in five-star reviews.
Which?’s assessment found that apps on Google Play using paid-for reviews had a significantly higher proportion of five-star reviews: 60.5% of the dating app reviews were five stars, compared to just 9.7% for Tinder.
For the health app, five-star reviews made up 45.8% of reviews, while Garmin had only 6%.
Another red flag is apparent bulk uploads of reviews. Which? found that there were clusters of four and five-star reviews over a few days, then very few for weeks or months before another spike. These spikes likely coincide with employing a review broker. On the well-known apps, reviews trickled in consistently, with very few big spikes in activity.
Which? also looked at review length. Five-star reviews on the dating app which showed signs of suspicious activity were less than 20 characters long on average and were significantly shorter than the app’s one or two-star reviews. For Tinder, five-star reviews were closer to 150 characters long.
Experts also analysed the content of the reviews using sentiment analysis, a widely used method for determining the subjectivity of a review. It found that apps that had engaged in fake review activity had a higher proportion of subjective five-star reviews than one-star reviews – favouring personal opinion such as ‘best app ever’ over factual information.
All of these patterns have typically been found in Which?’s other investigations where there has been review manipulation.
Researchers then applied Which?’s model for identifying suspicious reviews to the top 100 apps in two categories, health & fitness and gaming, on both the Apple App store and Google Play. The research took place in December 2022 and January 2023, and looked at nearly 900,000 reviews across both app stores, and uncovered a worryingly high level of suspicious review activity.
For the Google Play Store, a quarter (25%) of apps in the health & fitness category and one in five (22%) apps in the games category raised all four of the red flags for suspicious reviews.
On the Apple App Store, one in six (17%) apps in the health & fitness category and one in seven (15%) apps in the games category raised four of the red flags for suspicious reviews.
The government’s Digital Markets, Competition and Consumer Bill should be a vital update to consumer protection law to ensure major tech firms take more responsibility for addressing fake reviews that are rife on their platforms.
The Bill will also give the Digital Markets Unit, which will sit within the Competition and Markets Authority (CMA), powers to prevent tech giants like Apple and Google from exploiting their powerful position in key sectors. The CMA has already shown that a lack of competition for the App Store and Google Play is driving up the prices of apps, and Which?’s latest investigation suggests it could also be leading to poor quality service.
Rocio Concha, Which? Director of Policy and Advocacy, said:
“Apple and Google are failing to prevent fake and suspicious reviews infiltrating their app stores, leaving consumers at huge risk of being misled into downloading apps that have been boosted through unscrupulous tactics.
“Our latest findings illustrate why the Digital Markets, Competition and Consumer Bill is so badly needed in order to tackle fake reviews and the dominance of the tech giants, and finally make consumer protection laws fit for the digital age.”
Notes to editors
Further details on Which?’s campaign to ‘Make tech giants take responsibility’ can be found here: https://campaigns.which.co.uk/
Five tips for using app stores safely
Sort the reviews
Reviews are automatically sorted by ‘helpfulness’ on the App Store and ‘relevancy’ on Google Play, but these metrics can be manipulated by fake reviewers. This means you may only see positive reviews, while negative ratings are buried. Try sorting in a variety of ways to surface other reviews – by date, topic or star rating, for example.
Be sceptical of five stars
If an app has a large number of reviews and a high proportion of them are five stars, ask yourself how likely it is that so many users would have had a faultless experience. If those five-star reviews are gushingly positive, then take them with a pinch of salt. Which?’s research has revealed that well-known apps have a mix of ratings.
Check review length and frequency
Which?’s research also suggests you should be wary of too many short reviews. If you see that a lot of them are just a few words in length, it could be a red flag. Also check to see when the reviews landed – if a bunch of them were all placed in a short space of time, that could be a sign of a review surge, driven by fake review brokers.
Check app permissions
Apps need to access functions on your phone to work. For example, a plant ID app needs to use your camera to take plant pictures. But do check for excessive permission requests, such as a demand for your precise location when a vague one should do. You can view and deny requested permissions on app store listings; the app might not work if you block them all, though.
Install the latest updates
Software updates provide protection against the latest threats; they also fix bugs or issues. Many apps aren’t updated regularly, with some not receiving an update for several years. Check on the app store before you download, and if an app hasn’t been updated for six months or more, it might be a sign it should be avoided.
Right of replies
Apple told Which? that submitting fraudulent reviews is a violation of the Apple Developer Program License Agreement, and developers who attempt to cheat the system may have their apps removed.
Apple said it systematically detected and blocked over 94 million reviews and over 170 million ratings from publication for failing to meet moderation standards in 2021. An additional 610,000 reviews were also removed after publication based on customer concern submissions and additional human evaluation.
Which? contacted Google with its findings. It told Which? that it would not be providing a statement on the reviews research unless it was provided with all of Which?’s underlying research.
Regarding the Google ads for review broker sites – which pay money to Google to appear there – Google told Which? that it had evaluated these and taken appropriate action under its policies. It said that it does not allow ads that promote products or services designed to enable dishonest behaviour.
A Meta spokesperson said: ‘Fraudulent and deceptive activity is not allowed on our platforms, including offering or trading fake reviews. We removed a number of the groups for violating our policies. While no enforcement is perfect, we continue to invest in new technologies and methods to protect our users from this kind of content.’
Which? contacted AppSally and it did not respond. Which? also tried to contact reviewlancer but the site appears to have been taken down.
Which? is the UK’s consumer champion, here to make life simpler, fairer and safer for everyone. Our research gets to the heart of consumer issues, our advice is impartial, and our rigorous product tests lead to expert recommendations. We’re the independent consumer voice that influences politicians and lawmakers, investigates, holds businesses to account and makes change happen. As an organisation we’re not for profit and all for making consumers more powerful.
The information in this press release is for editorial use by journalists and media outlets only. Any business seeking to reproduce information in this release should contact the Which? Endorsement Scheme team at firstname.lastname@example.org.