One of the purported benefits of modern day app stores is to make it easier for companies to review and ensure that the software you download isn’t harmful or malicious. But with upwards of 2.1 million apps on Google Play, sometimes things slip through the cracks, which seems precisely how at least 19 different free navigation apps were found to actually be knock-offs based on Google Maps saddled with an extra layer of ads.
First discovered by ESET malware researcher Lukas Stefanko, the 19 apps he tested were navigation apps with over 1 million installs each, totaling a combined install base of more than 50 million. Sadly, despite claims that these apps can help users map their routes or include tools such as a compass or speedometer, every single app ended up relying on Google Maps or its related API to perform the real work.
The main difference between these knock-off apps and real Google Maps usually came down to a redesigned home screen with a tweaked or sometimes stolen UI that functioned as way to serve up ads while also masking the fact the app was really running off of Google’s data all along.
To make things a bit more concerning, a few of these Google Maps clones sometimes asked for permissions to access a device’s phone dialer and other services that a map app typically wouldn’t need, something that could pose a potential security risk.
Stefanko has since reported the 19 offending apps he found, and while some like the one pictured above are still available, others have been already been removed from the Play Store.
In the end, the big takeaway from all this may be a reminder that there are only a handful of companies such as Google, Apple, Here, and a few others that actually have the capacity to gather highly detailed mapping info. So unless you really like a specific app’s special features like the crowdsourced alerts you get in Waze (which is owned by Google and relies on Google Maps for general location info), it’s probably best to just go straight to the source and use one of the big map apps instead.
[via Bleeping Computer]