Fake Google Android driving apps claim half a million victims

Updated: The illegitimate apps include luxury car and motocross simulations.

Over half a million Google Android users have downloaded a set of driving apps with absolutely no legitimate functions.

According to ESET security researcher Lukas Stefanko, the apps, published by a developer under the name Luiz O Pinto, account for at least 560,000 installs.

There are 13 applications in total, all of which relate to driving simulation in some way.

The Android apps include a truck cargo simulator, luxury car driving, motocross, and fire truck simulations, some of which displayed with very similar graphics to alternative, legitimate applications.

screenshot-2018-11-20-at-13-19-33.png
Lukas Stefanko

Once installed, the apps demonstrate no legitimate functionality. Instead, the apps hide themselves and their shortcut icons, requesting that the user download and install an additional .APK at the same time.

If consent is granted, the app then displays ads without permission when the mobile device is unlocked. Some previous users have reported that the apps also caused severe device slowdown.

CNET: Google may offer 'Play Pass' subscription service for Android apps, games

The apps were reported and at the time of writing, appear to have been removed from the Google Play Store.

However, according to Forbes, while they were still active and published, a number of users realized the apps were fraudulent.

In the case of the fraudulent Luxury Cars SUV Traffic app, for example, one user warned in a review that "the app tries to update via unknown sources. Most likely very unsafe." In addition, downloaders realized that the icon had gone missing after installation.

TechRepublic: Why cryptocurrency needs to get more user-friendly to achieve mainstream success

It appears that the apps may have been adware-based rather than used for more severe privacy violations or the deployment of malware. Such practices force users to view adverts and are used to earn money fraudulently for publishers, hoodwinking ad networks out of legitimate views and causing severe annoyance to those whose devices are infected with such software.

If you believe you are a victim, an anti-virus scan should clean up your mobile device for you. Alternatively, uninstalling the app directly from Android settings is possible.

See also: This Trojan masquerades as Google Play to hide on your phone in plain sight

Update 10.42 GMT:

"Providing a safe and secure experience for our users is our top priority," a Google spokesperson told ZDNet. "We appreciate the researcher's report and their efforts to help make Google Play more secure. The apps violated our policies and have been removed from the Play Store."

Previous and related coverage