How google connect the accounts?

3 banned accounts yesterday.

3 virtual machines with different ips, apps, keys, cards, address etc. Nothing connect them.

How google connect the accounts?

virtual machines running on same host? You used VMWare or VirtualBox?

Will using vmware different from virtual box?

For handling different accounts you should have different keystores created in different machines

Interesting, is there a some kind of unique string inside of the keystore that links it to a specific machine???

I am sure I’ve read about people on here purchasing new laptops in order to compile new apps and generate new keystores. Please correct me if I am wrong.

Just found this post…

so this guy did everything… and google still detected it can only be a few things:

App description on google play store
Code structure
SHA-1 keys assigned in the META file
Keystore contents encrypted with some kind of information that relates to the code

I can confirm keystores have nothing to do with bans, Made ton of apps using same keystore on multiple accounts and had one account banned and other accounts are just fine.

Really? How about package name?

IMO it can’t be package name, its not unique or reliable enough.

My 2 cents

Possibility # 1:

When you first started developing for Android:

  1. You set up your original developer account with your google account.
  2. Then you set up your phone or tablet with the same google account to access google play for testing your apps.

The device and the dev account are now linked forever.

Now you got banned and created a new google account and test the new apps on the same device associated with the old account.

It’s possible it’s your testing device.

Possibility # 2:

Google uses statistical analysis for EVERYTHING.

You may have been banned without google knowing of your previous accounts at all. You just have a highly suspicious account.

What we don’t know is, how far will google go to look for illegal accounts?

Will they look to see if you uploaded apps too fast after a new account is created?
Will they look to see if you navigate the dev account like you know it like the back of your hand after a new account is created?

That’s all easy easy stuff to track. In other words, it’s easy to tell a novice user of the dev account vs. an experienced one. But do they go that far?

The point is, to cover all the bases, when you create a new account act like you did when you created your very first one in every way.

Thats a very good idea, will test and scrren my apps only on virtual devices.

Lets assume that i repost 10 banned apps to new 2 accounts, and i dont want theese accounts to be banned for Prior. Let them just be removed for Intelectuaul Properties (IP). its ok.
New virtual box, ip, packages, keystores, diffrent cc, or bought account from various vendors.

What about:

  1. Eclipse. If i copy one zip with unpacked eclipse to all virtuals can it be detected? Workspace is new of course. Don talk about keys and packagest its obvious thay are new.

  2. Eclipse. I use svn for my projects in every eclipse. Can it be detected and accounts connected?

  3. Eclipse. Source code match. Lets assume i bought code form or another source code market, changed assets and res folder and publish. Mine and other developers apps can be connected by some source code patters? if java code is 100% identical? I use 1 lib with all code for all projects.

  4. Market. Icon and scrrens. Should i completley redesign new icons and make news screens (hard way) or just resave with minor changes to avoid checksum match? What about googles’ apgorithm “find similar pictures”?

  5. Market. Description. Just change some words or completely new (hard way). What about google’s text search engines that can detect any similar texts?

  6. Windows details. When u open dev console google gathers some windows and browser info (pc name, win ver, browser ver etc) maybe there is something in VirtualBox’s windows thats is identical for all VirtualBox machines? Same with WMware but.

  7. Browser. If u use chrome… i dont know what chrome can send to google, i thing almost everithing.

  8. What else? Any ideas? How to avoid priors and connected accounts issues?

Email me or skype if you what to share experience. I got a lot of bans :slight_smile:

They change algoritm about 15-20 days back.
Now they scan some in our apk.
Before uploading all accounts stay live. After uploading 1-3 days and ban account.
Its is not MAC - tested !
Its not a title and desc an icons - tested !
Its not HWID ( HDD ID ) - tested !
It some inside APK. some ID or KEY. Not tested

One of my new apk stay alive with new account.
One account was killed after 2 days with new not uploaded before apk.
One account was killed before publish. I only upload apk and in next day when i want publish apk -account already was killed.

Has you or anyone tried to compile the exact same code, on a different machine and then upload it to the Google Play?

It must be something inside the APK relating to the machine that you’re compiling that code in a .apk from OR when you’re signing it…

I do believe someone on this forum already confirmed its nothing to do with signing as they having been using a key relating to a previously banned app to re-upload the same app to a new account and have got away with it.

Yes tested its not help. New MAC and HWID not help too. Maybe they start manual app check like apple

hmmm I did think this myself, but now I don’t.

How are websites like getting away with it? They must use the same code all the time.

have you tried using proguard to encrypt your code.

I know than few days ago they changed the way new apps appears on market. Some kind of automatic premoderation. If in tiltle of your app is some illegal keywords (Angry Birds etc) in wont be published as usual in 1-3 hours and then will be removed for IPvio.

About “some ID or KEY in apk”, what about to make a simple test:

  • Publish app
  • wait until its available on market
  • setup apk (and some how grab that apk as file, i dont know how to do this but its possible cause all my apps are on another markets)
  • decompile both apk and compare.

And when you republish your apk again on new virtual with new eclipse and keystore you can see every line that is compiled in apk. Where it is or what ID or key do you mean?

I did not sign my apk files with eclipse but direct with JarSigner.
Yet he banned 3 accounts, but the strange thing is that other 3 accounts were not banned.

It’s impossible to really understand the rules.

its not source code
its not computer IP address
its not app name, icon and description
its not using same computer (by using VM)

its the signing key
its same credit/debit card
its chrome browser
its same phone number
its timing of update/publish similar apps on multiple accounts

may be there are “it is” and “it is not” in the above list.

For web search, google uses over 200 signals to decide web spam. They won’t keep it so simple and dependent on one factor when it comes to android market.

I have 8 accs with apps + 2 clear accounts on one phisical pc with WMware, all accounts were banned for prior after first account ban. its cc card (all virtual from one suplier) or wmare. Maybe both factors.

keystore is different for each account, its maddnes to use one key for more then 1 acc. it takes 30 sec to generate new.

i used ff for publishing

yes this can be it cause i can publish app in 1 min just clicking right buttons, not like new user, but… who knows what is right speed of click? should i do missclicks?

What do you think is proper frequency for app publishing? lets say i have to publish 10 apps for 1 acc. 2 per day? 5 per week?

The only way I have got past this is re-coding my apps from the bottom up and compiling them on a “fresh” machine (real PC not virtual)…this is such a ball ache tho