The more Google works towards making apps on its Play Store secure and less intrusive for users, the more skeletons seem to be tumbling out of the cupboard as it were.
Despite Google’s screening process to detect fake app on the Play Store, 15 GPS and navigation apps that have been found to be fake, were spotted on the virtual store. Put together, the apps reportedly have over 50 million installations.
Prominent malware expert at ESET, Lukas Stefanko unearthed the malicious navigation apps, which just open Google Maps or use their API to only display ads.
The purpose of these fake GPS apps is to earn easy money by duping users into downloading their app and then forcing them to pay up to remove the ads. Some other apps also asked access to the Android device’s dialer and other permissions that a navigation app would generally not need and could very well pose a security risk for the user.
These apps, which includes the like of GPS Route Finder, GPS Live Street Maps and Maps GPS Navigation among others, as Stefanko pointed out in a series of Tweets, don’t provide any additional service of their own to the users.
Earlier this month, Google removed 85 malicious apps from its Play Store. These adware apps were disguised in the form of gaming and remote control simulator apps and had been downloaded over 9 million times from Google’s app store. And now, less than a month later, a new set of apps have been spotted violating the company’s Play Store guidelines.
Google, however, quickly reacted and moved in to do damage control. Many of the apps identified by Stefanko have since been removed from the Play Store. This time, a majority of them are in the GPS and navigational systems areas. And these apps have already been downloaded and are used by over 50 million users worldwide. These people would not have known that what they are using are not official Google apps but mere fake ones. Some have been seen just popping up ads on the mobile phone screens of the users. Google has a nice policy for these things in place but the app operators have been exploiting the weakness in the Google ecosystem that lets them pass through and operate with impunity.