The Google Play Store is the main app store for the biggest mobile operating system on the planet. It is home a to a whopping 2.1 million apps. The market is booming, and it offers up plenty of choice, but the sheer size of it means it can be hard to police every new app that becomes available. This has led to plenty of fake apps getting through Google’s security web and making their way onto the Android app store. Security researcher Lukas Stefanko has found 19 such apps that all have something in common.
These 19 navigation apps are just Google Maps with extra ads bolted on
Stefanko reports that the 19 navigation apps he tested all have more than 1 million installs each and between them have been installed over 50 million times. In the series of tweets Stefanko published to raise awareness of the apps and this type of issue, Stefanko said, “These apps pretend to be full featured navigation apps, but all they can do is to create useless layer between User and Google Maps app. They attract potential users with fake screenshots stolen from legitimate Navigation apps.” Although the apps present themselves as being unique and can even have their own UI experience when opened, as soon as the user begins navigating, the app opens Google Maps.
Purpose of these apps is ad revenue (easy money). They don’t have any Navigation technology or know-how, they only misuse Google Maps.
Once user clicks on Drive, Navigate, Route, My Location or other option, Google Maps app is opened.
I reported it month ago. pic.twitter.com/ZB1j1GsBC8
— Lukas Stefanko (@LukasStefanko) January 17, 2019
The main reason these types of scam app exist is to raise revenue through ad placement. With over 1 million installs each, these apps will be able to raise quite a bit of money by inserting ads into each user’s navigation process. One of the apps Stefanko tested even offered an in-app-purchase that would remove the ads in exchange for a payment.
Unfortunately, however, some of the apps went further than this and asked for strange permissions like access to the phone’s dialer. In itself, this represents an extra security risk on top of the annoyance of having extra ads pop up every time you want to find out how to get somewhere.
Worryingly, for Google and users of the Google Play Store, three of the scam apps came up as the top three Recommended for you apps when Stefanko opened the Maps and Navigation section of the Play Store. Furthermore, Stefanko only tested apps with more than 1 million downloads. As none of the other recommended Maps and Navigation apps were from reputable companies like TomTom or Waze, there is a good chance some of the other top apps were fake too.
What this all shows is that Google still has a large fake app problem with the Play Store. To ensure you only install legitimate apps always follow the steps laid out in this tutorial. It also shows, however, that if you’re looking to download a navigation app, you’re best sticking with one of the big boys. There aren’t many big tech companies who are able to collect the huge amounts of detailed mapping data needed to create a reliable navigation app, as this new deal between Apple and DuckDuckGo highlights.