A security researcher with antivirus maker ESET has discovered a collection of 19 Android apps that pose as GPS applications but which don't do anything but show ads on top of the legitimate Google Maps service.
"They attract potential users with fake screenshots stolen from legitimate Navigation apps," said Lukas Stefanko, the ESET researcher who found them, who pointed out the 19 apps have been downloaded more than 50 million times.
The apps "pretend to be full featured navigation apps, but all they can do is to create useless layer between User and Google Maps app," the researcher said.
Stefanko says that the apps don't have any actual "navigation technology" and they only "misuse Google Maps."
"Once user clicks on Drive, Navigate, Route, My Location or other option, Google Maps app is opened," Stefanko said.
Furthermore, one of the apps, named "Maps & GPS Navigation: Find your route easily!," even has the gall to request payment to remove ads, which it's showing on top of an already freely available service like Google Maps.
The apps' names and links, as provided by Stefanko to ZDNet, are:
Stefanko said he reported all apps to Google's Play Store staff more than a month ago. While the apps aren't malicious, you'd think Google would be interested in removint these apps, as all break Google's own Maps Platform licensing terms, which according to paragraph 3.2.4 (c), prohibits third-parties from using the Maps platform to power a similar service.
ZDNet has sent a request for comment to Google regarding the issue raised by Stefanko today and will update when we receive a response. The researcher also shared a video of one of the apps in action, wrapping original Google Maps functionality and pestering the user with ads.
Purpose of these apps is ad revenue (easy money). They don't have any Navigation technology or know-how, they only misuse Google Maps.
— Lukas Stefanko (@LukasStefanko) January 17, 2019
Once user clicks on Drive, Navigate, Route, My Location or other option, Google Maps app is opened.
I reported it month ago. pic.twitter.com/ZB1j1GsBC8