According to SimilarWeb data, the keyword “vpn” is among the 10 most popular search terms on Google Play. The app store had around 19.5 billion downloads in the third quarter of 2018 alone – worth $18 billion. Any app that can get within the top 10 search results will get large numbers of installs and users, as well as significant revenue from subscription fees or ads within the app.
Our research shows that the top 10 Google Play search results for “vpn” are dominated by apps participating in potentially fraudulent manipulation practices.
We also discovered that 7 out of the top 10 apps are either based in Hong Kong, have Chinese directors, or are located in China. The 3 remaining apps are based in the US, having all been purchased by AnchorFree, the creators of Hotspot Shield. We previously covered these VPN apps in our research on the true ownership of popular VPNs.
In general, we can divide VPNs from our research into two categories:
- Google Play better-ranked VPNs: these are the top-ranked, free VPNs found in Google Play when searching for the keyword “vpn”
- VPN market leaders: these are the leaders of the consumer VPN industry, such as ExpressVPN, NordVPN, CyberGhost, etc.
The high ranking of these better-ranked apps is surprising since nearly all of them have limited popularity outside of the Google Play store, according to Google Trends (FREE VPN was not included, since its name is too generic):
The VPN market leaders’ Android apps, on the other hand, rank badly in the Play store, with brands like ExpressVPN at position 34, CyberGhost at 49, and NordVPN at 104.
These better-ranked apps seem to have found a weakness in Google Play’s ranking algorithm, as nearly every app in the top 10 uses a similar strategy. This reflects very poorly on Google’s Play store, since it allows black hat tactics to improve rankings for such a popular keyword. Google has previously vowed to clamp down on app manipulation tactics, but this research shows that it still has a long way to go for that to become effective.
Note: rankings are based on our January 2019 analysis. Also, these app titles may have changed since our initial analysis, since app developers are constantly updating app names for various reasons.
Google Play’s ranking algorithm seems to be manipulated by the analyzed VPN apps through:
- Using large amounts of fake reviews: the top 10 apps for the keyword “vpn” have fewer words per review, more duplicate reviews, and more reviews from hidden users
- Using blackhat backlink tactics in order to boost their backlink profile, regardless of topic relevance
- Stuffing the target keyword throughout the app’s ID, title, and description, with one app using the keyword “vpn” 48 times in its description
We’ll go through each tactic to uncover how these better-ranked VPN apps are performing so well. We’ll also use rough estimates for each tactic to understand how much it would cost for an app developer to achieve the same results.
1. Fraudulent reviews
As part of our research, we analyzed more than 150,000 reviews to understand how these unpopular VPN apps are able to rank so highly on Google Play. We looked at 15 VPN providers’ apps – 10 better-ranking VPNs, plus 5 market leader (but lower-ranking) VPN brands. Our data revealed an interesting trend.
The reviews for the top 10 better-ranked VPN apps have these four characteristics:
1. They have significantly fewer words per review: the average number of words for the VPN market leader group is 27, while the average for the Google Play better-ranked VPNs is less than 12.
2. They are less unique: only 69% of the better-ranked VPNs’ reviews are truly unique, while the VPN market leaders have nearly 90% unique reviews.
3. They have a higher percentage of reviewers whose names are hidden: Google allows reviewers to hide their usernames under the moniker “A Google user.” Only 16% of the reviews for the VPN market leaders were written by “A Google user,” whereas for the better-ranked VPNs that number is nearly 30%.
4. They have a higher percentage of reviews starting with lowercase letters: only 10% of the VPN market leaders’ reviews start with lowercase letters. For the better-ranked VPNs, a full 33% of their reviews begin with lowercase letters. One top 10 VPN app, Turbo VPN, has a shocking 72% of its reviews beginning with lowercase letters.
Android reviews beginning with lowercase letters are seen as a warning sign for fraudulence, since most Android-based devices capitalize the first letter of the sentence by default. This might imply the usage of an automated commenting system or desktop (non-Android) devices.
Cost to recreate
We searched around blackhat marketplaces to discover how much it would cost to buy the same amount of fraudulent reviews. In order to achieve that, we did the following.
- We assumed that not all reviews are fake.
- We isolated the reviews that have between 1 and 4 words and have at least one duplicate.
- From that, we discovered that the 10 better-ranked VPNs have a total of 52,483 suspicious reviews, or 5,248 per app. Compare this to the 5 VPN market leaders, which have a total of 9,567 suspicious reviews, or 1,913 per app.
At $300 for 100 reviews, it would cost you $15,744 to get the same amount of fraudulent reviews.
When read by human eyes, the better-ranked app reviews show obvious signs of fraudulence. However, since they are created to manipulate Google Play’s algorithm and get huge increases in rankings (along with the two other techniques discussed below), they have unfortunately proven successful.
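The review signals described above can be computed from a review export with a short script. This is an added example, not the tooling used in the research: the sample reviews are constructed, and both the duplicate matching (case-insensitive, whitespace collapsed) and the meaning of “unique” (text that appears exactly once) are assumptions.

```python
from collections import Counter

HIDDEN_NAME = "A Google user"  # name Google Play shows for hidden reviewers

def normalize(text):
    # Assumption: duplicates are matched case-insensitively, whitespace collapsed.
    return " ".join(text.lower().split())

def review_signals(reviews):
    """reviews: list of (author, text). Returns the article's four signals
    plus the count of suspicious reviews (1-4 words, at least one duplicate)."""
    if not reviews:
        raise ValueError("no reviews to analyze")
    n = len(reviews)
    copies = Counter(normalize(text) for _, text in reviews)
    word_counts = [len(text.split()) for _, text in reviews]
    suspicious = sum(
        1 for (_, text), wc in zip(reviews, word_counts)
        if 1 <= wc <= 4 and copies[normalize(text)] >= 2
    )
    return {
        "avg_words": sum(word_counts) / n,
        # Assumption: "unique" means the normalized text appears exactly once.
        "unique_share": sum(1 for _, t in reviews if copies[normalize(t)] == 1) / n,
        "hidden_share": sum(1 for a, _ in reviews if a == HIDDEN_NAME) / n,
        "lowercase_start_share": sum(1 for _, t in reviews if t.lstrip()[:1].islower()) / n,
        "suspicious": suspicious,
    }

# Constructed sample reviews (not real Play store data).
SAMPLE = [
    ("A Google user", "good app"),
    ("A Google user", "good app"),
    ("Maria K.", "nice"),
    ("A Google user", "Nice"),
    ("Tom R.", "very good vpn"),
    ("Dana P.", "Connects quickly on hotel Wi-Fi, but the kill switch dropped twice last week."),
    ("Lee S.", "good app"),
    ("Ari M.", "Works fine on my tablet"),
]

if __name__ == "__main__":
    for name, value in review_signals(SAMPLE).items():
        print(f"{name}: {value}")
```

The numbers only mean something relative to a baseline, which is why the research compares the better-ranked group against the market leader group rather than using fixed thresholds.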
2. Suspicious backlinks
While no correlation has been confirmed between an app’s backlink profile and its rankings in the Play store, many marketers believe there is a link, since backlinks impact Google’s web search results. Using Ahrefs, we analyzed each of the 15 apps’ backlinks and noticed a trend:
The better-ranked VPN apps have multiple suspicious backlinks from:
- unrelated websites or articles
- unmoderated comments
- pingbacks or trackbacks
The primary suspicion came from the fact that these better-ranked apps received backlinks from articles with such unrelated titles as:
- Getting to Know the Animals of Mpala: Most Common Visitors
- Obama Administration Lifts Restrictions On Cannabis Research
- Panda Mom STILL Won’t Share Her Bread!
- Hip-Hop 2014: The Unusual Suspects
- The Cold War Between Oge Okoye And Chioma Toplis And Those Kenya Moore Dogs
When we analyzed these backlinks, we discovered that many links didn’t come from the articles themselves. Instead, they came from unmoderated comment sections, where anyone can leave a comment and add any link to their username without needing any moderator approval. Here’s an example from Midwest Sports Fans:
Others used a technique known as pingbacks, where they are able to link to articles and get automatic links back to their own apps. In this practice, if we were to link to another article that had the pingback feature turned on, that article would automatically link back to us. There’s also a way to create fake pingbacks, a commonly-used blackhat technique.
On this Swedish website, there are already 13,299 comments and pingbacks:
The Midwest Sports Fan page also had its fair share of pingbacks, with two links leading to VPNs on the Play store. The first one goes to Turbo VPN, the current number four:
Both of these – finding unmoderated comments and using the pingback technique – are well-known blackhat SEO tactics to improve rankings. On popular blackhat marketplaces such as SEOClerks, you can find vendors selling these services for just $5:
In fact, these types of pingback (or trackback) links are seen by blackhat SEOs themselves as being the spammiest of all links – meaning you should use them with care since they probably won’t work, or may even decrease your rankings:
Even in the SEOClerks service offer description, it is explained that these pingbacks are intended for buffer sites (intermediary sites that link to the main site). This is because they’re seen as too toxic for any main site – or Google Play app listing.
What’s more surprising isn’t that fraudulent backlinks still work to increase rankings. It’s that the spammiest fraudulent backlinks seem to perform well in manipulating Google Play’s ranking algorithm. This is a disappointing departure from Google’s well-kept and fear-inducing web search algorithm.
Cost to recreate
Again, we went to the top blackhat SEO marketplaces to see how much it would cost to buy the same amount of comment and pingback backlinks. In order to do that, and in order to seriously cut back on the time, we had to make a few quick assumptions.
- We determined that identifying all suspicious backlinks would require a vast amount of resources.
- We analyzed only the 100 most recent backlinks for two better-ranked VPNs (Turbo VPN and SecureVPN) and determined the percentage of suspicious backlinks. “Suspicious” backlinks are determined by topics that do not include VPNs, cybersecurity, privacy, Android apps, apps in general, or anything IT related. Taking the average for both VPN apps, the percentage of unrelated links is 41.5% (Turbo VPN had 47 unrelated links, while SuperVPN had 36 unrelated links).
- From that, we’ll make a rough estimate that the 8 better-ranked apps have a total of 8,315 suspicious backlinks, or 1,039 per app. Note: X-VPN and FREE VPN were removed from the Play store at different times, and we were unable to analyze them for our estimates.
If you were to buy 3,000 spammy backlinks, it would only cost you $5 to get 3x the amount of fraudulent backlinks and help boost your Android app in Google’s Play store.
3. Keyword stuffing
Keyword stuffing is another SEO tactic – either explicitly blackhat, or just generally frowned upon – whereby app developers add a target keyword as many times as possible in order to rank higher.
When looking at the “vpn” keyword in order to determine frequency, we analyzed three aspects: application ID, application title, and application description. Our analysis showed the following:
The better-ranked VPN apps have between 1-3 “vpn” keywords in their title, up to 5 non-brand keywords in their app ID, and a high frequency of “vpn” in their app descriptions.
Our analysis showed that many better-ranked VPNs have the highest frequency of the keyword “vpn” in their title, such as VPN Master – Free unblock Proxy VPN & security VPN. Generally, these free VPN apps also chase the keyword “proxy.” This is pretty bad for readability, but again – these are made not for human eyes, but instead for the algorithm’s sake.
Their app IDs, which are not changeable once created, can also be stuffed with keywords. Here’s an example from JustVPN:
Most of these apps take advantage of their description space to sprinkle in as many “vpn” and “proxy” keywords as possible. Here’s a description from the better-ranked VPN app JustVPN, mentioning the keyword “vpn” 48 times:
Even worse, JustVPN uses competitor VPN brand names in their description:
Cost to recreate
Here, there is no need to look on blackhat marketplaces for keyword stuffing purposes. It can be achieved for free without any nuance or concern for readability, user experience, or likely penalty. App developers can simply create these descriptions themselves and update them based on competition or the need to rank more highly in Google Play’s app store.
For that reason, the cost to stuff keywords is $0.
It is becoming increasingly difficult to manipulate Google’s search algorithm. However, the same doesn’t seem to apply to Google Play store. Using tactics that should induce penalties, many lower-quality apps seem to be ranking highly by manipulating Google Play search results, garnering more than 282 million installs for the “vpn” keyword.
Even worse, they seem to be doing this with cheap blackhat SEO tactics, including:
- Buying low-quality, short app reviews to improve their review scores, costing an estimated $15,744 per app
- Buying comment and pingback/trackback backlinks, at a simple estimated cost of less than $5 per app
- Using the target keyword “vpn” multiple times in their app titles, IDs, and descriptions, leading to disastrous readability
Thus, with less than $16,000 and a simple app, it seems that app developers can gain up to 100,000,000 installs (like Turbo VPN did) and make that money back in a reasonable amount of time, potentially through subscription fees and ad revenue.
All of these tactics have in mind not the user experience, but simply beating Google Play’s algorithm. And, based on these results, they’re succeeding – at a much lower cost and effort than anyone could have imagined.
Here’s the list of the free VPNs manipulating Google Play store search results to appear in the top ten for the keyword “vpn”:
- Secure VPN
- FREE VPN
- Turbo VPN
- Betternet Hotspot VPN
- VPN Proxy Master
- Thunder VPN
- VPN 360
Jan is a cybersecurity and consumer protection specialist focused on investigations that help readers navigate the complex infosecurity sphere. His research and commentary have been featured in Forbes, ComputerWeekly, PC Mag, TechRadar, ZDNet, The Mirror, Entrepreneur, and many other leading publications around the world.