More than a dozen free navigation apps on the Google Play Store with collective downloads of over 50 million turned out to be nothing more than Google Maps with ads.
The discovery was made by Lukas Stefanko, a malware researcher at ESET, who tweeted the details of what he found.
I tested over 15 fake GPS Navigation apps with over 50,000,000 installs from #GooglePlay that violate Google rules.
These apps just open Google Maps or use their API without any additional value for the user, except for displaying ads.
Some of them don't even have a proper app icon. pic.twitter.com/eeIFQS5IVU
— Lukas Stefanko (@LukasStefanko) January 17, 2019
Stefanko said that the 19 fake navigation apps only created a “useless layer” of ads between Google Maps and the user, and used screenshots grabbed from legitimate navigation apps for their listings.
The purpose of the fake navigation apps is, of course, to make money through the embedded ads. One of the apps that Stefanko tested even asked for a payment to remove the ads, even though Google Maps is entirely free and without ads in the first place. Alarmingly, some of the apps asked for access to the Android device’s dialer and other permissions that a navigation app would not need, which may present security risks for users.
Stefanko has reported the apps to Google for violating the Google Maps terms of use, which prohibit developers from redistributing the app. Some of the offending apps have been taken down, but unfortunately, some still remain available on the Google Play Store.
The Google Play Store has measures in place to make sure that fake and potentially dangerous software, such as these rehashed Google Maps apps, does not find its way onto the service. For example, Google deployed a new system combining human intelligence and machine learning to detect fake ratings and reviews on the Google Play Store.
However, with more than 2 million apps available on the Google Play Store, it is inevitable that some fake and/or malicious apps will slip through the safety nets. Stefanko also recently found four fake cryptocurrency apps on the service that attempted to phish the user’s login details or impersonate cryptocurrency wallets.
The lesson here is that users should be very skeptical of anything they download onto their smartphone. One of the best practices is to only trust apps made by well-known companies. Only Google, Apple, and a handful of other companies have the means to gather the data that capable navigation apps need, so navigation apps from unknown developers should already raise a red flag.