g00000gle reporrt 556677


How to provide star reviews on applications in the Play Store without downloading the application
Stars and reviews greatly affect the quality of information about an application, and even affect its ranking in Google Play.

(sample image from the order of google play that gets low stars)
As we know, to give a star review we must first download the application. Only after downloading it are we allowed to give a star review on the application.

Google itself has a system that deletes fake reviews, but of course it takes a long time, and sometimes the application developer has to report the fake review himself.

In my previous report https://issuetracker.google.com/u/1/issues/149099351 , Google said this would be a one-way attack because Google would delete the fake review itself. But the question is: how long does that process take?

Google conditions: https://support.google.com/googleplay/android-developer/answer/7318385?hl=en
  
This is a fake review that I did last month



As you can see, the fake review hasn't been removed by Google yet.
As you can imagine, 1 month is a very long time for a fake review to stay up.
This is very beneficial to attackers and detrimental to application developers, as attackers do not need a lot of mobile phones to install applications in order to give a bad star review.
With fake bad reviews still visible on the victim's Google Play page for a month, the effect on the application developer is of course significant. Some people will think twice after reading a comment on the application, without realizing it is a fake review.







(There is no comment column on the website play.google.com)

Google Play itself requires users to download the application before giving a review and stars.

Below are the steps to reproduce the vulnerability:

  1. Log in to Gmail in your browser.
  2. Open this link: https://play.google.com/store/ereview?origin=https://play.google.com&docId=com.rockstargames.gtactw&hl=id&width=8136&source=play-store-boq-web&usegapi=1&id=I1_1581248395020&_gfid=I1_1581248395020&parent=https://play.google.com&pfname&rpctoken=22026568&jsh=m;/_/scs/abc-static/_/js/k%3Dgapi.gapi.en.Sj5LKyeUKoE.O/d%3D1/ct%3Dzgms/rs%3DAHpOoo9ToCtoaz0mr9IKXAop6Eq9AIpSlw/m%3D__features__
  3. Give a 1 - 5 star review and a comment.
  4. By changing the docId to that of another application, we can review and give stars to other applications without needing to install them on our cell phones.



Result:


This is very detrimental to Google and needs to be fixed. A fake review that still appears after a month is terrible.
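The missing control described in this report, as an added example that is not part of the original post and not Google Play's code: a review endpoint that trusts the client-supplied docId, beside one that checks on the server that the signed-in account has an install record, plus an audit that flags reviews already stored without one. `ReviewStore`, its methods, the accounts and the package names are all hypothetical and constructed for illustration.

```python
# Added illustration: hypothetical review backend, not Google Play's code.
from dataclasses import dataclass, field


class ReviewRejected(Exception):
    """Raised when a review fails a server-side check."""


@dataclass
class ReviewStore:
    # (account, doc_id) pairs for which an install was recorded (constructed model)
    installs: set = field(default_factory=set)
    reviews: list = field(default_factory=list)

    def submit_unchecked(self, account, doc_id, stars, comment):
        """'Before': trusts the doc_id sent by the client, as in the report."""
        self.reviews.append((account, doc_id, stars, comment))

    def submit_checked(self, account, doc_id, stars, comment):
        """'After': the install rule is enforced server-side for every client."""
        if not isinstance(stars, int) or not 1 <= stars <= 5:
            raise ReviewRejected("stars must be an integer from 1 to 5")
        if (account, doc_id) not in self.installs:
            raise ReviewRejected("account has no install record for this app")
        self.reviews.append((account, doc_id, stars, comment))

    def audit_unentitled(self):
        """Detection: stored reviews whose author never installed the app."""
        return [r for r in self.reviews if (r[0], r[1]) not in self.installs]


def demo():
    # Constructed sample data: one account that installed only one app.
    store = ReviewStore(installs={("user@example.com", "com.example.installed")})
    store.submit_unchecked("user@example.com", "com.example.other", 1, "bad")
    store.submit_checked("user@example.com", "com.example.installed", 4, "fine")
    try:
        store.submit_checked("user@example.com", "com.example.other", 1, "bad")
        rejected = False
    except ReviewRejected:
        rejected = True
    return rejected, store.audit_unentitled()


if __name__ == "__main__":
    print(demo())
```

The audit function is the part that addresses the delay complained about above: it finds reviews without an install record directly, instead of waiting for a developer to report them.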




