19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps.
These apps were discovered by ESET Android security researcher Lukas Stefanko who stated that they promote themselves as full featured apps and use screenshots from other legitimate apps to entice users to install them.
Once installed and opened, though, they simply display an advertisement and then open Google Maps or use their API to display the users current location.
To illustrate how these apps work, Stefanko created a video where he installed and launched the above app. As you can see, once the app is launched it simply displays an advertisement and then opens Google Maps.
Purpose of these apps is ad revenue (easy money). They don’t have any Navigation technology or know-how, they only misuse Google Maps.
Once user clicks on Drive, Navigate, Route, My Location or other option, Google Maps app is opened.
I reported it month ago. pic.twitter.com/ZB1j1GsBC8
— Lukas Stefanko (@LukasStefanko) January 17, 2019
To make matters worse, many of these apps request access to the device’s contacts and request the ability to send text or phone calls. These are permissions that you would not expect from a GPS program.
Even though there are numerous reviews for each of these apps that indicate that they show too many ads, don’t work as advertised, or simply show Google Maps, some of them have over 5 million installs with thousand of reviews and high ratings.
Below is the list of 19 apps discovered by Stefanko that have at least 1,000,000 installs. Stefanko told BleepingComputer that there are others that perform this same behavior, but did not have the same amount of installs.
Who is making these apps?
BleepingComputer has contacted three of the email addresses associated with these apps, but had not heard back at the time of this publication.
Faulty review process
After seeing how some of these apps work, it has to make you wonder if there is a functional review process on Google Play.
Google stated in a blog post from 2015, that apps are reviewed before they are published on Google Play, yet we continue to still see new apps created that violate their policies.
Several months ago, we began reviewing apps before they are published on Google Play to better protect the community and improve the app catalog. This new process involves a team of experts who are responsible for identifying violations of our developer policies earlier in the app lifecycle. We value the rapid innovation and iteration that is unique to Google Play, and will continue to help developers get their products to market within a matter of hours after submission, rather than days or weeks. In fact, there has been no noticeable change for developers during the rollout.
To make matters worse, Stefanko stated that he reported these apps to Google via their firstname.lastname@example.org email address and was told they would take a look. To this day, all of the reported apps are still available.