The gist is this: Google's Play Books store was plagued by scammy "guide" books that, for a few dollars, promised access to cracked APKs, but in reality provided nothing but scams and malware.
Two of the publishers we mentioned in the post - Monster Guides Editor Pro and leon Master - were removed from the Play Store, but plenty remain, still distributing links to pirated apps and malicious sites, or outright selling the work of legitimate authors.
The scammers we mentioned are just the tip of a giant, toxic iceberg that's been ostensibly floating uninterrupted across the landscape of Play Books, so we thought it would be appropriate to take another look at what's going on in the Play Books store and - hopefully - bring more attention to its disconcerting scam/piracy issues.
Scam Books and Publishers
Since this post went live, it looks like almost all of the publishers we've listed below have been wiped on Play Books. Whether this is because we reported them is unclear, but it's still good news. Hopefully the next step will be easier routes to reporting problematic books, or enhanced moderation of the store before the next crop of scam listings appears.
Do a quick search on the Play Store for "AllCast" and here's what appears:
The issue is obvious: besides the legitimate app entries containing "AllCast," eight entries appear in Books, all with the same icon that - until recently - was used for the app itself. All of these entries are posing as the real app, and they are not only more numerous but also visually larger (by virtue of the book cover aspect ratio) than the app cards above them. Looking past the Roboto Light subheads, it would be easy to select one of these unwittingly.
But that's just one app. Let's see if we can find a few more.
So who is publishing all these fake app books? Running through a search of common app names begins to reveal a pattern. Here's a list of the publishers appearing most often in search results:
- PRO App Review (46 entries)
- Johnny Bravo (100 entries)
- App Review 101 (91 entries)
- Johnny Bravo games Editor Pro (15 entries)
- PRO Review (100 entries)
- Pro Review 101 (100 entries)
- PRO APPS (100 entries)
- SCB GROUP (100 entries)
Many of the publishers top out at 100 entries, which is presumably a limit put on publishers by the Play Store. So at the time of writing, just the list above comprises over 650 books posing as real apps, all with the potential to surface in primary search results as we've just seen.
Many of these listings either pose as the app's official listing by copying its description or explicitly state that they provide cracked or modded versions of apps for download, including paid apps.
Besides posing as apps, what makes these Books entries scams? What exactly is inside these things?
Many of the books simply contain copy/pasted versions of the app's description and screenshots, or installation instructions, followed by third-party download links. The links vary in level of shadiness, leading to sites like 9apps, onhaxfiles (which doesn't appear to be live now), or others.
In our previous post, Ryan picked up an example that lead to Androider, with plenty of intrusive ad techniques and a healthy dose of malware. If you happen to accidentally buy one of the friendlier scam books, your only loss will be paying a few dollars to download an APK file that's already freely available elsewhere. A few apps downloaded from 9apps (linked through scam books) had matching md5 values and file sizes when compared to their official counterparts.
It's worth noting that no books that I tried appeared to be malicious on their own - all relied on links inside the text that directed would-be users to outside websites, malicious or otherwise.
Unlike app listings, there are no links or buttons to report problematic Play Books entries from your mobile device. On desktop, there's a link to "flag as inappropriate," but it isn't specific to Play Books or the individual listing. The page's "content removal form" link sounds promising, but it directs to Google's legal help page, which isn't able to provide much help unless you personally are the owner of a trademark or copyright that's being infringed. So the appropriate method for reporting problematic books like these is unclear from the one link on the page that might explain it.
If you navigate to Google's "help by product type" page though, there's an option for Books, which then lists an option to "report illegal content." That page is here.
Apps Aren't the Only Target
As linked above, The Digital Reader has reported that the Play Books store is also home to plenty of pirated ebooks, meaning that scammy app and game listings aren't the only things being illicitly peddled in the store.
TDR reported hundreds of pirated titles being sold by publisher accounts not associated with the books' original authors. At the time of writing, half of the publishers listed in the report (which we recommend reading here) are still up.
What's more, TDR reported on a Google Play Books rep's response to a Dutch publisher who had reported an instance of piracy. The response essentially explained that, since the publisher had submitted the book through a Publisher Partner account, there was basically nothing to be done outside of contacting the publisher to ask that the content be removed. It's easy to guess how effective this approach would be.
Here's the response:
I checked the link you've shared and noticed that the book in question has been submitted to Google Books by dragonletebooks, through their Partner Program account. As we are not authorized to make changes to a book submitted by a partner through their account, I'd recommend you to contact the publisher directly to request removal of this book. If contacting them doesn't help, and you believe that this listing violates your rights as a copyright holder, you can file a formal legal complaint and our legal team will review the notice promptly.
As Good eReader explains in its coverage of Play Books piracy, the Google Play Books Partners Program allows individuals to sign up as publishers selling books on behalf of authors, making it perhaps easier than it should be for this sort of thing to happen. The second option noted in the response above is reporting content as a copyright holder, but this obviously closes the door for average users to help out by reporting problematic content on their own.
The Bottom Line
The bottom line here is that the Play Books store has loads of listings either selling other people's books or concealing links to APK downloads. Some are malicious, some are just regular scams, but none of them have the involvement of the actual authors or apps' original developers, some of the APKs are cracked or modded (whether that means a claim of unlimited donuts in Simpsons: Tapped Out, or a "free" version of AVG's Antivirus Pro app), and all of these books are paid.
I try to avoid using the phrase "Google needs to..." in any post, but considering the number of scam books and the lack of immediate clarity on how to report the content from each listing, there is an obvious problem. Without context, it's hard to say what the moderation process is like for Play Books, but considering that many of the listings we reported were up for weeks or months prior to this post, and that the proper channels for reporting books aren't listed on any Play Books listing, there's clearly a problem. Google has even had to deal with fake sales like the $0.99 Game of Thrones bundle that popped up recently.
The propagation of scam book listings is particularly bewildering when we think back to all the expedient (and typically vague) app takedowns we've seen in the past, with apps falling over screenshots, "impersonation," and more. It's possible that these examples are more salient to us because the apps were (and are) beloved by the community. At any rate, it goes without saying that Google's aggressive approach to removing apps isn't perfect. But the disparity between the apparent approach to moderating apps and moderating books is certainly startling.