A security researcher with antivirus maker ESET has discovered a collection of 19 Android apps that pose as GPS applications but which don't do anything but show ads on top of the legitimate Google Maps service.
"They attract potential users with fake screenshots stolen from legitimate Navigation apps," said Lukas Stefanko, the ESET researcher who found them, who pointed out the 19 apps have been downloaded more than 50 million times.
The apps "pretend to be full featured navigation apps, but all they can do is to create useless layer between User and Google Maps app," the researcher said.
Stefanko says that the apps don't have any actual "navigation technology" and they only "misuse Google Maps."
"Once user clicks on Drive, Navigate, Route, My Location or other option, Google Maps app is opened," Stefanko said.
Furthermore, one of the apps, named "Maps & GPS Navigation: Find your route easily!," even has the gall to request payment to remove ads, which it's showing on top of an already freely available service like Google Maps.
The apps' names and links, as provided by Stefanko to ZDNet, are:
- GPS Maps, Route Finder - Navigation, Directions
- GPS, Maps & Navigation
- GPS Route Finder - GPS, Maps, Navigation & Traffic
- GPS, Maps, Navigations - Area Calculator
- GPS , Maps, Navigations & Directions
- Maps GPS Navigation Route Directions Location Live
- Live Earth Map 2019 - Satellite View, Street View
- Live Earth Map & Satellite View, GPS Tracking
- Traffic Updates: GPS & Navigation
- Free-GPS, Maps, Navigation, Directions and Traffic
- Voice GPS Driving Directions, Gps Navigation, Maps
- GPS Live Street Map and Travel Navigation
- GPS Street View, Navigation & Direction Maps
- GPS Satellite Maps
- Free GPS, Maps, Navigation & Directions
- Maps & GPS Navigation: Find your route easily!
- Voice GPS Navigation Maps Driving
- GPS Navigation & Tracker
- GPS Voice Navigation Maps, Speedometer & Compass
Stefanko said he reported all apps to Google's Play Store staff more than a month ago. While the apps aren't malicious, you'd think Google would be interested in removint these apps, as all break Google's own Maps Platform licensing terms, which according to paragraph 3.2.4 (c), prohibits third-parties from using the Maps platform to power a similar service.
ZDNet has sent a request for comment to Google regarding the issue raised by Stefanko today and will update when we receive a response. The researcher also shared a video of one of the apps in action, wrapping original Google Maps functionality and pestering the user with ads.
Purpose of these apps is ad revenue (easy money). They don't have any Navigation technology or know-how, they only misuse Google Maps.
— Lukas Stefanko (@LukasStefanko) January 17, 2019
Once user clicks on Drive, Navigate, Route, My Location or other option, Google Maps app is opened.
I reported it month ago. pic.twitter.com/ZB1j1GsBC8
Many of 2018's most dangerous Android and iOS security flaws still threaten your mobile security
More security coverage:
- Real-time location data for over 11,000 Indian buses left exposed online
- Hackers breach and steal data from South Korea's Defense Ministry
- Fortnite security issue would have granted hackers access to accounts
- Google Chrome extension that steals card numbers still available on Web Store
- Advertising network compromised to deliver credit card stealing code
- WordPress to show warnings on servers running outdated PHP versions
- Firefox warns if the website you're visiting suffered a data breach CNET
- Marriott reveals data breach affecting 500 million hotel guests TechRepublic