One of the purported benefits of modern-day app stores is to make it easier for companies to review and ensure that the software you download isn’t harmful or malicious. But with upwards of 2.1 million apps on Google Play, sometimes things slip through the cracks, which seems to be precisely how at least 19 different free navigation apps were found to actually be knock-offs based on Google Maps saddled with an extra layer of ads.
The apps were first discovered by ESET malware researcher Lukas Stefanko. The 19 navigation apps he tested had over one million installs each, totalling a combined install base of more than 50 million.
Sadly, despite claims that these apps can help users map their routes or include tools such as a compass or speedometer, every single app ended up relying on Google Maps or its related API to perform the real work.
I tested over 15 fake GPS Navigation apps with over 50,000,000 installs from #GooglePlay that violate Google rules.
These apps just open Google Maps or use their API without any additional value for user, except for displaying ads.
Some of them don’t even have proper app icon. pic.twitter.com/eeIFQS5IVU
— Lukas Stefanko (@LukasStefanko) January 17, 2019
The main difference between these knock-off apps and real Google Maps usually came down to a redesigned home screen with a tweaked or sometimes stolen UI that functioned as a way to serve up ads while also masking the fact the app was really running off of Google’s data all along.
To make things a bit more concerning, a few of these Google Maps clones sometimes asked for permissions to access a device’s phone dialler and other services that a map app typically wouldn’t need, something that could pose a potential security risk.
What’s even more annoying is that despite a number of one star reviews for these apps trying to alert other users that these Google Maps knock-offs weren’t legit, many still maintained overall ratings above four stars.
Thankfully, it seems many of these apps are in violation of Google Maps’ terms of use, which generally state that customers are not allowed to re-distribute or create substitutes for Google Maps Core Services and pass them off as if they were something else.
Stefanko has since reported the 19 offending apps he found, and while some such as the one pictured above are still available, others have already been removed from the Play Store.
In the end, the big takeaway from all this may be a reminder that there are only a handful of companies such as Google, Apple, Here and a few others that actually have the capacity to gather highly detailed mapping info.
So unless you really like a specific app’s special features such as the crowdsourced alerts you get in Waze (which is owned by Google and relies on Google Maps for general location info), it’s probably best to just go straight to the source and use one of the big map apps instead.
[via Bleeping Computer]