In June 2021, the Delhi Police arrested 11 suspects involved in duping people of over 150 crores using their app on the Google Play Store.
The immensely popular fraud app, called “EZ Plan,” promised guaranteed returns of 5-10% on the user’s investments. Despite the guarantee, however, these investments never made any profits for the users. In fact, users most certainly lost all of their money after investing in the EZ Plan app. After receiving numerous fraud complaints, the Delhi Police took notice of the situation and tracked many of the fraudsters involved in the scam.
The most shocking aspect of the entire scenario was Google’s reaction to these frauds.
Google did not remove the application even after the police’s stringent action, and the app continued duping users until much later. It was only weeks after the arrests that the Play Store removed EZ Plan from its app library.
The reality hasn’t changed much since the incident. Thousands of people lose their money on apps like EZ Plan. In fact, the police or the government often alert Google about fraudulent apps on its store, after which the store does the bare minimum of removing these apps. Odisha’s Economic Offence Wing recently asked Google to remove 45 illegal loan apps, but you can still find many of them on the Play Store.
The apps on this list cumulatively have several hundred thousand downloads and are amongst the top money lending offerings from the Play Store.
So, is Google Doing Nothing?
Knowing about the above cases might make you believe that Google is doing nothing about fraud apps on Play Store, but that’s not wholly true. Play Store currently features more than 2.8 million apps in its app library, and the Play Store uses AI-based scanning to regulate its library.
The automated scanning checks new and existing apps for any potential breaches of Google’s security policy. Moreover, Google offers Play Protect, which scans each new app on your device and restricts apps if you accidentally install malware on your device. It also checks for malicious code in the app’s data and constantly removes any apps that are suspect.
Evidently, the current system is not up to the mark. Otherwise, the Play Store would not feature such large numbers of illicit and fraud apps.
Here’s the catch: the Google security policy is surely a firewall against most rudimentary threats, but it fails as soon as developers try more sophisticated techniques to evade these restrictions. The Play Store takes little to no action on apps that comply with the basic security policy but dupe people of their money using lucrative deals. That’s a significant reason you can find a plethora of apps committing financial fraud in their own ways on the Play Store.
Additionally, Play Protect, which Google advertises as a basic antivirus, is nothing more than its way of curbing user access to third-party apps.
Play Protect works on the fundamental principle that all apps available on the Play Store are malware free, and all other apps are a potential threat. Android is inherently more popular as a mobile operating system because it allows users to download and install apps from unofficial sources and alternative app stores, which sometimes might get blocked by the Google Play Store because they allegedly pose a threat to it.
The False Positives!
Besides failing to detect fraudulent apps, the security policy also tags numerous false positives. For instance, Google has a policy that states it would terminate a Developer Account whenever any of the associated accounts with access to an app’s Play Console dashboard gets involved in something shady.
Consider this to understand how grave this can be: small developers or entrepreneurs usually don’t have the budget to hire full-time staff and might prefer employing freelancers for the job so they can save their expenses. However, hiring freelancers has its downsides; other than the freelancer’s moral obligations, developers have nothing to control their actions in contrast to full-time employees who are bound by a formal contract.
In the case of app development, each contributor needs Play Console access to make their contributions. Naturally, each freelancer gets access to the Play Console with one of their Google accounts. The same freelancer may also have other clients and might have their account linked to other apps too. There are countless examples of Google shutting down an entire developer account because it was connected to a freelancer’s Google account that violated its policies.
Sure, there are cases where developers are actually doing something fishy, and terminating the developer account is good for user safety.
But Google can only know the reality by conducting a proper investigation. Terminating Developer Accounts just because one of the associated accounts breached the security policy is nothing short of injustice to honest developers. A more humane solution is to carefully review the developer activity and conduct a manual review of the linked apps before concluding.
This brings us to a critical point: automating the entire app review process always leaves room for loopholes. Fraud apps can often bypass the automated review process, while the system also targets honest developers because it lacks the human touch. The only way to eliminate these discrepancies is to conduct regular manual checks for all the apps in the library.
However, this job needs a vast and skilled labour force. More importantly, it needs a brand that keeps its users at the utmost priority. Being a monopoly in the Android app distribution market, Google places its profits above its users, and that’s a significant reason why Play Store has numerous phishing, fraud, and NSFW apps in its library.
Benefits of Manually Reviewing Apps
Typical app stores witness vast numbers of app submissions for review, and it’s essential to review apps quickly without compromising on malware detection. While automated testing lets app stores quickly check apps, malware detection takes a massive hit in the process.
So here’s why manually testing apps is vital for app stores that want to keep scam apps out of their library:
1. Undeniable accuracy
Automated tools work on a simple principle: the tool’s developer specifies certain rules, and the tool proceeds accordingly. However, as you might imagine, it becomes complicated to make rules that detect unsuitable apps with pinpoint accuracy. Suppose an app store wants to block lottery apps, so it develops an automated tool that finds the term “lottery” in app names and blocks those apps. But what happens if the tool comes across an app that is a lottery app but doesn’t use the term in its name? The tool will allow this particular app and let it stay on the app store.
While this is an elementary example of this problem, the real-world examples are similar to this scenario but on a more complicated level. In short, you will always find exceptions to the rules you define no matter how hard you try.
Now, consider the situation, but this time, the app store takes a manual approach to go through apps on the store and shortlist the ones which fall under the category. Unless you make a human error, there is no chance that a lottery app sneaks through your review process. Real-world manual review systems use multiple tiers of reviewing to decrease the element of human error.
The bottom line is that creating an accurate automated reviewing tool is a tough job. If a brand decides to rely more on automating its review process, it might have a fast-paced review system, but it won’t be foolproof.
2. Perfect for dynamic environments
You can find a stark difference between apps from recent times and the ones from a few years back. These differences include everything from visual changes to the app code. Moreover, app development is a constantly evolving space that keeps getting better with each new app. While this fast-paced app evolution is excellent from the user’s perspective, the same evolution becomes a nightmare for Google engineers trying to keep the automated testing tools updated with the relevant information to filter out older apps.
Engineers must constantly update the testing tool and ensure the code still filters a significant part of the scam that tries to enter the ecosystem. Needless to say, updates to testing tools can also introduce bugs and allow malware to enter the Play Store.
On the other hand, manual testing involves skilled humans looking at the app code and UI. Humans can easily detect the nuances of any app code and design. Moreover, it is a rare sight for multiple manual testers to overlook the same app element and allow fraud apps to enter the ecosystem.
Unlike Google, Apple reviews apps extensively before they are permitted into the iOS App Store. These checks may involve ensuring the app works as advertised, has a UI consistent with the latest iOS update, and is not redundant, meaning it offers functionality that existing apps don’t already provide. Any app that doesn’t meet these requirements is simply denied entry into the ecosystem.
3. Replicates real-world use case
All the app development in the world happens with the end user in mind; developers make apps for people to use and interact with them. It becomes an obvious choice to have apps manually tested in order to replicate real-world use cases.
To make things simpler, imagine an app with nothing malicious in it. However, it has poorly mapped buttons around the UI which makes it unusable. An automated testing tool will certainly overlook this app and allow it to exist in the ecosystem as it doesn’t contain anything spooky. However, manually reviewing the same app changes the entire scenario; a manual tester can quickly identify the problems with the app UI and inform developers about the issues.
Moreover, manual testers automatically replicate numerous real-world scenarios right from the moment they begin using an app. The tester almost instantly begins testing app characteristics like response time and UI.
However perfect an automated testing tool is, it can never fully interact with an app as a human would. Automated tools can only look at the app code and decide its usability; manual testing, however, can go over many more real-world use cases.
4. Eliminates false positives
We mentioned the cases where Google terminated Developer Accounts to safeguard the Play Store whenever it found any of the associated accounts doing something fishy. The bare minimum required of Google was to at least manually investigate the cases before destroying the livelihood of developers who depend on these apps for a significant share of their earnings.
However, Google doesn’t bother to review the account terminations once its automated tools find a developer account that falls under the above criteria.
This is a prime example where automated software can point out numerous false positives. These false positives, when clubbed with a big tech company that doesn’t care to review these flags manually, are the perfect recipe for disaster. The honest (and mostly small-scale) developers, who cannot do much to challenge Google’s decision, are the ones who face the wrath of these false flags.
The entire example also makes you question why you need to investigate things manually after already testing them automatically. Why can’t brands manually test apps in the first place and eliminate these false positives? The argument also makes sense because, if Google has humans manually investigate cases where one or more associated accounts have breached the security policy, the testers can effectively review the circumstances and also look at things from a human point of view.
For example, if an associated account does something wrong but belongs to a freelancer who doesn’t own the developer’s account, banning the freelancer’s account and issuing a simple warning could do wonders.
5. Saves the day when automation is not possible
Sometimes it is just impossible to develop an automated testing tool for a particular scenario. Brands that rely heavily on automated testing either overlook such testing categories or hire manual testers.
On the other hand, manual testing is free from all such cases where automation fails. You might need more skilled testers for a complicated project. However, you would rarely come across a case where manual testing fails.
This brings us to the same question: Why put users at stake and try to automate the testing process rather than manually test apps?
Indus App Bazaar: An App Market with Industry-leading App Testing Standards
Now that we know how manually testing apps vanquishes automated testing, it’s an excellent time to learn more about an app distribution platform that places its users’ interests at the top.
Indus App Bazaar is home to more than 400,000 apps which are available in more than 12 Indian languages, including English. Currently, Indus App Bazaar collaborates with the Samsung Galaxy Store in India and provides its services to users.
The best part about Indus App Bazaar is how it treats India as a nation. Instead of treating India as one big market and typecasting everyone under the ‘Indian’ tag, it recognizes the different needs of each Indian. It understands that although sharing the same nationality, a Punjabi urban user might have significantly different demands from that of a rural Maharashtrian user. That’s the reason behind Indus’s emphasis on providing as many language options as it can within the store UI and in the apps from the store.
Moreover, the end user gets some fantastic additional benefits like a clear billing policy, equal treatment of each language in the store, and frequent and innovative updates to the UI.
Best of all, you don’t need to worry about malware getting into your devices as Indus’s manual app review system makes sure to clean any junk from their ecosystem. You can confidently download any app from the store and use its features without fearing a financial scam or privacy breach.
Not only the user but developers too can gain a lot by utilizing Indus App Bazaar to showcase their apps. First up, Indus focuses immensely on improving its app recommendations, and the numbers speak for them. As a developer, you only need to focus on developing quality apps and leave the rest to Indus’s excellent recommendation algorithm. The algorithm will automatically push your app to the relevant user base, benefiting both users and developers. Additionally, thanks to its superb manual review system, you will never face a case where Indus App Bazaar abruptly terminates or suspends your developer account without conducting a thorough investigation.
As a developer, you will make significantly more profit on each in-app purchase as, unlike the Play Store and App Store, Indus charges far lower commissions from developers. The app store also gives appropriate credits to the app developers across the UI to encourage the developer’s growth.
With exponentially increasing frauds by apps available on the Play Store, one cannot help questioning Google’s app review systems and related practices. Google’s heavy reliance on automated testing and its avoidance of manual investigations is a significant reason why the Play Store is constantly plagued with bad apps.
The above article discusses the perks of manually reviewing apps over automated review. Finally, the article also talks about Indus App Bazaar, an industry-leading alternative app store that relies on human moderators to manually review apps and evaluate their merits.