• mobisec8

Another morning, another fake-app attack...

One of the purported benefits of modern day app stores is to make it easier for companies to review and ensure that the software you download isn’t harmful or malicious.

But with upwards of 2.1 million apps on Google Play, sometimes things slip through the cracks, which seems to be precisely how at least 19 different free navigation apps were found to actually be knock-offs based on Google Maps saddled with an extra layer of ads.

First discovered by ESET malware researcher Lukas Stefanko, the 19 apps he tested were navigation apps with over 1 million installs each, totaling a combined install base of more than 50 million.

Sadly, despite claims that these apps can help users map their routes or include tools such as a compass or speedometer, every single app ended up relying on Google Maps or its related API to perform the real work.

The main difference between these knock-off apps and real Google Maps usually came down to a redesigned home screen with a tweaked or sometimes stolen UI that functioned as a way to serve up ads while also masking the fact the app was really running off of Google’s data all along.

They attract potential users with fake screenshots stolen from legitimate navigation apps.

To make things a bit more concerning, a few of these Google Maps clones sometimes asked for permissions to access a device’s phone dialer and other services that a map app typically wouldn’t need, something that could pose a potential security risk.

What’s even more annoying is that despite a number of one-star reviews for these apps trying to alert other users that these Google Maps knock-offs weren’t legit, many still maintained overall ratings above 4 stars.

Thankfully, it seems many of these apps are in violation of Google Maps’ terms of use, which generally state that customers are not allowed to re-distribute or create substitutes for Google Maps Core Services and pass them off as if they were something else.

Stefanko has since reported the 19 offending apps he found, and while some like the one pictured above are still available, others have already been removed from the Play Store.

In the end, the big takeaway from all this may be a reminder that there are only a handful of companies such as Google, Apple, Here, and a few others that actually have the capacity to gather highly detailed mapping info.

So unless you really like a specific app’s special features like the crowdsourced alerts you get in Waze (which is owned by Google and relies on Google Maps for general location info), it’s probably best to just go straight to the source and use one of the big map apps instead.

Now in a real-life scenario, when your users are connected to company resources like email, file server, CRM or ERP, or maybe even accounting or banking systems, and can still install any app from Google Play, you must provide a way to protect your organization's assets from malicious apps. When it comes to mobility management and protection, Mobisec technologies is the leading and most experienced professional services team in Israel since 2011, with hundreds of mobility management and mobile protection implementations in the leading organizations in Israel. Contact us:
