Ask HN: Why are we receiving thousands of fake users?
32 points by WateryRaccoon 2051 days ago
We are a small company (<20 employees) who publish a popular app (within its niche) used by millions of people. The majority of our real users reside in North/Central America and Western Europe. Recently we began to see hundreds of thousands of installs showing up on Google Analytics from unexpected countries. The installs did not show up on the Play Console analytics, implying these users obtained the .apk from some other source. The bulk of these users are from Pakistan, India, Egypt, and Iraq, but these installs are also occurring in dozens of other developing countries. The event data we get from Google Analytics implies that most of the users quickly uninstall the app after installing it. About 5-10% of them create an account and verify their email address. We've gotten a handful of support emails and a couple of Play Store reviews wherein the user claims our app was installed without their intent or knowledge. We are concerned that whoever is behind this has a malicious objective, but haven't come up with a plausible explanation, and thus are hoping someone else has experienced a similar phenomenon and would recognize this pattern.
7 comments

Third party app stores are common here in Indonesia, while working on a previous app we found ~20-30% of users installed APKs via them.

They were the lowest converting segment; this was related to the demographic (rural & lower income). People were installing without understanding what the app did, subsequently uninstalling again as memory is scarce. It's hard to understand, but sometimes people just browse and download things out of boredom, curiosity or because they misunderstand what the app is for.

We also had complaints like yours "I didn't install this app" but when we contacted them direct (googled name, sent email/FB message) we often found that a spouse / kid had done so. Shared phones are common.

I'm not sure if this could be related to your circumstances; it depends on the type of app you have. Also, if it's something that a kid may download, recent events may contribute. With COVID there are lots of kids using their parents' devices at home, with low cost / free data plans in place to support online schooling.

Thank you for this insight. Because it's being installed on the order of 100,000's of people, and it all started on October 30th, I believe there is some specific event that set this off rather than a bunch of accidental or misled installs.

The utility of the app only exists in specific habitats.

Indonesia was, I believe, in the top 5 countries as far as install count. Knowing that 3rd party app stores are common gives us another avenue to explore. A buggy or exploitive 3rd app store could explain at least the attack vector, if not the actual objective behind this.

We have seen something similar. Thousands of installs and immediate refunds in African countries far exceeding the number of 'real' installs. We contacted Google support but they just said everything is working as expected.

Follow the money, who's being paid per-install for your app? Are you paying them, or are your in-app ads?

Just block users from third world countries. They are too often more trouble than they are worth.

The app has been unlisted from the problematic countries. The installs are not coming from the Play Store but rather somehow the APK is being installed directly to the phones. I don't know of a way to block this from occurring.

Block them from the backend of your app, i.e., your server, using IP geolocation techniques.

We're prepared to do this if necessary, but most of these users aren't actually using the app. So the only apparent damage is them getting upset that the app keeps reappearing on their phone.

If that’s what’s happening and it’s not happening through the Play Store then I’m afraid there may be nothing you can do about it.

Could be a click farm by an ad agency trying to meet a campaign target. Do you have ads within your application?

We do have ads for our unregistered and free users. Our ad campaigns are all handled in-house.

In what ways could your competition screw you?

One theory we came up with is that our competition could be trying to get our app marked as spam or malware, and thus booted from the Play Store. If they have some sort of exploit that allows them to install arbitrary .apks on hundreds of thousands of Android devices, which seems probable if this is a malicious attack, it's unclear to me what we could do to prevent them from spamming our .apk to these users.

Probably someone with your app installed copied their Android image across a bunch of cheap phones at once.

Interesting... I don't think this would explain the users who claim the app keeps coming back after they've removed it? Is installing Android from another user's image a popular thing?

It's possible, if that image has a startup script to fetch the .apk from a third party source & install it. I've put custom/specialty ROMs on old Android devices in the past and they often come with random apps I don't need and uninstall on first boot.

Do you have any SMS verification built into the signup?

No. The app can be used without signing up at all. After you sign up, you are required to verify your email address (via email, not SMS) to receive a free trial which we offer.