Guide
Real vs Fake Testers for Google Play Closed Testing: How Google Detects Fraud
July 12, 2025 · 7 min read
By the TesterBee Team, built by developers who have been through Google Play Closed Testing requirements
Google does not publish its fraud detection methods, but rejection patterns from hundreds of developers reveal exactly what gets flagged. If your testers trigger any of these signals, your production access application will be rejected — and you will restart your 14-day clock.
What Google Checks
Google’s review combines automated systems with human evaluation. The automated layer scans for:
- Device authenticity (physical vs. emulated)
- Account authenticity (real Google accounts vs. throwaways)
- Network diversity (unique IPs vs. shared connections)
- Behavioral patterns (organic usage vs. scripted/bot behavior)
- Tester relationships (independent users vs. coordinated groups)
When the automated layer flags suspicious activity, a human reviewer examines the pattern. Surface-level compliance does not survive human review.
Signal 1: Emulators and Virtual Devices
How Google detects them: Android emulators and cloud devices lack physical hardware sensors (GPS, accelerometer, gyroscope, ambient light sensor). They report generic build fingerprints (e.g., “generic_x86” or “goldfish”). Google Play Services collects device hardware profiles and compares them against known physical device signatures.
What gets flagged:
- Any tester using Android Emulator, Genymotion, BlueStacks, or similar
- Any tester using cloud device farms (BrowserStack, AWS Device Farm, Firebase Test Lab)
- Virtual machines running Android x86
How to avoid: Every tester must use a physical Android phone or tablet. Ask testers to send a photo of your app running on their device. A screenshot is not sufficient — screenshots can be faked. A photo of the physical device with your app on screen is verifiable.
Signal 2: IP Address Clustering
How Google detects it: Google logs the IP address of every app session. When multiple testers connect from the same IP address, it suggests they are in the same physical location — same household, same office, or same VPN server.
What gets flagged:
- 3+ testers sharing one external IP address
- Testers on the same /24 subnet (same organization or ISP node)
- Testers connecting through known VPN exit nodes
- IP addresses that geolocate to data centers instead of residential ISPs
How to avoid: Testers should connect from distinct networks. Different households. Different cities. Different ISPs. If two testers are in the same household (e.g., siblings), that is acceptable if it is only two — but 6 testers on one home Wi-Fi is a rejection trigger.
Signal 3: Account Freshness
How Google detects it: Google account creation dates are tracked. A cluster of accounts created on the same day or same week that immediately begin testing the same app suggests accounts created solely for testing.
What gets flagged:
- Multiple tester accounts created within days of testing start
- Accounts with no prior app installs, reviews, or Play Store activity
- Accounts used only for testing — no other app usage history
How to avoid: Use testers with established Google accounts — accounts that have existed for months or years with normal Play Store activity (other app installs, reviews, purchases).
Signal 4: Identical Device Fingerprints
How Google detects it: Every Android device has a unique combination of hardware identifiers, build properties, screen resolution, and sensor configurations. Two “different” devices that report identical fingerprints suggest the same device with multiple accounts.
What gets flagged:
- Multiple testers on the exact same device model with identical build numbers and security patch levels
- Testers all using the same device (e.g., all 12 testers on Samsung Galaxy S23)
- Identical screen resolutions, DPI, and Android version across tester group
How to avoid: Ensure device diversity — at least 4 different manufacturers and 3 different Android versions across your tester group. Samsung + Xiaomi + OnePlus + Pixel across Android 12, 13, 14, and 15 is a strong diversity profile.
Signal 5: Coordinated Behavior
How Google detects it: Machine learning models analyze session timing, feature usage sequences, and engagement patterns. Human testers exhibit randomness. Bots and coordinated groups exhibit uniformity.
What gets flagged:
- All testers opening the app at the same time each day (suggesting scripted behavior or a single person operating multiple devices)
- Identical feature usage sequences across testers (tap A, tap B, tap C in identical order)
- Identical session durations (all sessions exactly 3 minutes)
- Testers who never trigger crash reports or error states — real usage produces some errors
How to avoid: Testers should use the app naturally. Different times of day. Different features. Different session lengths. Do not give testers a script to follow — give them the app and ask them to use it as they would any other app they downloaded.
Signal 6: Tester-Sharing Rings
How Google detects it: Google maps relationships between developer accounts and tester accounts. When the same tester accounts appear across multiple developers’ Closed Testing tracks in a short period, it suggests a tester-sharing ring.
What gets flagged:
- The same Google accounts testing for multiple developers simultaneously
- Tester accounts that have participated in Closed Testing for 5+ different apps
- Reciprocal patterns: developer A’s testers are developer B, and developer B’s testers are developer A
How to avoid: If using exchange groups, limit reciprocal testers to 4-6 of your group. Fill the rest through independent methods. Better: use testers who are not also developers running their own Closed Testing tracks.
Signal 7: Engagement That Looks Scripted
How Google detects it: Google tracks session quality metrics — time between app open and first interaction, scroll depth, tap targets, and navigation paths. Human usage is messy. Scripted usage is clean.
What gets flagged:
- Sessions that start, register exactly 3-5 taps in predictable UI locations, and end
- Testers who never trigger edge cases (e.g., rotating the device, pressing back rapidly, minimizing and reopening)
- Zero uninstall/reinstall events — real testers sometimes uninstall and reinstall
How to avoid: Ask testers to explore the app organically. Tell them: “Use this like you would any app you downloaded. Try different things. If something breaks, tell me.” Organic exploration produces the messy, varied engagement patterns that look real to Google.
How to Guarantee Authentic Testers
| Signal | How TesterBee Handles It |
|---|---|
| Real devices | 100% physical Android devices, verified at onboarding |
| IP diversity | Testers across 80+ countries on residential ISPs |
| Account history | Testers use their personal, established Google accounts |
| Device diversity | Samsung, Xiaomi, Pixel, OnePlus, Oppo, Motorola across Android 12-15 |
| Independent behavior | Testers use the app naturally — no scripts, no coordination |
| No sharing rings | Testers are not developers running their own testing tracks |
If you are recruiting testers yourself, use the checklist above to vet each tester. The fastest way to waste 14 days is to complete testing with testers Google flags as inauthentic.
Frequently Asked Questions
Can Google detect if I paid for testers?
Google does not care whether you paid for testers. Google cares whether your testers are real people on real devices engaging genuinely with your app. Paid testers who are real people using real devices pass review. Free testers using emulators and shared accounts do not.
What if one of my testers uses a VPN?
A single tester on a VPN may not trigger rejection, but it adds risk. If the VPN IP geolocates to a data center, it could be flagged. Ask testers to disable VPNs while testing your app.
Can I test on my own device as one of the 12?
No. Your own device usage does not count toward the 12-tester minimum. You are the developer, not an independent tester. You need 12 external testers in addition to yourself.
Need 12 testers for your app?
Get 12 verified testers. 14-day engagement guarantee. Complete your Closed Testing requirement with confidence.
Get 12 Testers Now