Manipulate App Store Rankings or Ratings

An adversary could use access to a compromised device's credentials to attempt to manipulate app store rankings or ratings by triggering application downloads or posting fake reviews of applications. This technique likely requires privileged access (a rooted or jailbroken device).

ID: T1452
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 03 July 2019
Provided by LAYER 8

Procedure Examples

ID Name Description
S0293 BrainTest

BrainTest provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.[1]

S0432 Bread

Bread had many fake reviews and ratings on the Play Store.[2]

S0322 HummingBad

HummingBad can create fraudulent statistics inside the official Google Play Store.[3]


This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.