Google removes stalkerware apps after researchers discover trackers on Play Store

Taken From CNET.COM

You’d think it would be difficult to find an app that can secretly track a person’s every move. But researchers have found them right in the open on Google’s Play Store.

Antivirus company Avast said Wednesday that it’s found seven stalkerware apps available on Android’s market. In all, they had been installed more than 130,000 times. Google removed four of the apps after Avast reported the privacy violations on Tuesday, and removed the last three on Wednesday. 

Google said its policy prohibits commercial spyware apps and encourages people to report any apps that violate its standards.

Stalkerware apps often pose as software designed for children’s safety or finding stolen phones, but they are mostly used by abusers to stalk people in personal relationships. They have the ability to track and send location data, as well as provide contacts, call logs and text messages.

On “Spy Tracker,” an app that promotes itself as a way to keep kids safe, the majority of the reviews are centered around reviewers surveilling their significant others. The attackers need physical access to the victims’ devices to install these apps, but can keep them relatively hidden as they secretly track a person’s every move.

Once installed on a device, the attacker can get real-time location data and call logs without the victim ever knowing. - Avast

“These apps are highly unethical and problematic for people’s privacy and shouldn’t be on the Google Play Store, as they promote criminal behavior, and can be abused by employers, stalkers or abusive partners to spy on their victims,” Nikolaos Chrysaidos, Avast’s head of mobile threat intelligence and security, said in a statement. “Some of these apps are offered as parental control apps, but their descriptions draw a different picture, telling users the app allows them to ‘keep an eye on cheaters.’”

It’s hard to tell if your device has stalkerware installed on it, as researchers found in 2018 that many antivirus programs didn’t flag known stalkerware apps. 

All seven of the apps that Chrysaidos discovered prompted the attacker to install other software and then delete the initial download. That allowed these stalkerware apps to spy on victims without an app icon, so people wouldn’t know they were being tracked.

In April, cybersecurity company Kaspersky announced that it would start clamping down on stalkerware as malicious trackers and warn people if they are being surveilled. 

In 2018 alone, Kaspersky’s antivirus discovered stalkerware on 58,487 devices. Other antivirus companies, like Symantec, Malwarebytes and Lookout, also noted that they were ramping up their efforts to block stalkerware. Avast said its threat detection also detects stalkerware and warns its users. 

The developers behind the stalkerware apps didn’t immediately respond to requests for comment.

Originally published July 17, 10:46 a.m. PT.

1 thought on “Google removes stalkerware apps after researchers discover trackers on Play Store”

  1. I am glad that stalkerware is starting to have a higher profile as it has been an ongoing problem for myself as well as some other people I know.

    With walled gardens like Google Play & the Apple Store, you’d think there might be a need to start using an ethics.txt file, similar to the robots.txt file you sometimes find on a web server, that could have a machine-generated but perhaps human-readable format, to set different options on how the operating system chooses to act with hosted applications. So, if you download an Android app, there might be a way to use a simple text file to negotiate the ongoing permissions issues, both visible, & non-visible.

    Some of the worst problems I’ve seen, however, in my use of the Android platform at least, have been applications side-channeling information or sniffing data as it “leaks” through various interfaces. I suppose it is probably far too late to start to insist on more discipline in cell phone application design, but design pragmas such as Design By Contract or Don’t Repeat Yourself (DRY) pragmatic practices might be useful in tightening up applications created with sloppy coding practices.
