Home Technology Fake GPS Apps with 50M Installs Just Show Ads and Run Google Maps – BleepingComputer

Fake GPS Apps with 50M Installs Just Show Ads and Run Google Maps – BleepingComputer

8 min read

19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps.

These apps were discovered by ESET Android security researcher Lukas Stefanko who stated that they promote themselves as full featured apps and use screenshots from other legitimate apps to entice users to install them.

Once installed and opened, though, they simply display an advertisement and then open Google Maps or use their API to display the users current location.

Example App discovered by Stefanko
Example App discovered by Stefanko

To illustrate how these apps work, Stefanko created a video where he installed and launched the above app. As you can see, once the app is launched it simply displays an advertisement and then opens Google Maps.

To make matters worse, many of these apps request access to the device’s contacts and request the ability to send text or phone calls.  These are permissions that you would not expect from a GPS program.

Request Access to Phone
Request Access to Phone

Even though there are numerous reviews for each of these apps that indicate that they show too many ads, don’t work as advertised, or simply show Google Maps, some of them have over 5 million installs with thousand of reviews and high ratings.

Reviews for GPS, Maps, Navigations - Area Calculator App
Reviews for GPS, Maps, Navigations – Area Calculator App

Stefanko has also stated that by using Google Maps or their API to create a similar app, they may be violating the Google Maps Platform terms of use.

Part of Google Maps Platform Terms of Use
Part of Google Maps Platform Terms of Use

Below is the list of 19 apps discovered by Stefanko that have at least 1,000,000 installs. Stefanko told BleepingComputer that there are others that perform this same behavior, but did not have the same amount of installs.

Who is making these apps?

At the bottom of each app’s page on the Google Play store is an associated privacy policy and email address. While some of the developers of these apps have legitimate web sites, most are using free web hosting services such as Google Sites, Blogspot, and Weebly to host their privacy policy.

Privacy Policy on Google Sites
Privacy Policy on Google Sites

The app pages indicate that many of them are being developed out of Pakistan, India, or Germany. Furthermore, the templates for the privacy policy pages also indicate that 10 of the apps are coming from just 2 different developers. 

BleepingComputer has contacted three of the email addresses associated with these apps, but had not heard back at the time of this publication.

Faulty review process

After seeing how some of these apps work, it has to make you wonder if there is a functional review process on Google Play. 

Google stated in a blog post from 2015, that apps are reviewed before they are published on Google Play, yet we continue to still see new apps created that violate their policies.

Several months ago, we began reviewing apps before they are published on Google Play to better protect the community and improve the app catalog. This new process involves a team of experts who are responsible for identifying violations of our developer policies earlier in the app lifecycle. We value the rapid innovation and iteration that is unique to Google Play, and will continue to help developers get their products to market within a matter of hours after submission, rather than days or weeks. In fact, there has been no noticeable change for developers during the rollout.

To make matters worse, Stefanko stated that he reported these apps to Google via their security@android.com email address and was told they would take a look. To this day, all of the reported apps are still available.

Let’s block ads! (Why?)

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Brothers At Center Of Jussie Smollett Case Seen In Ride Share Near Location Of Attack, Sources Say – CBS Chicago

CHICAGO (CBS) – The two brothers at the center of the Jussie Smollett case were capt…