Researchers find more than 1,000 “creepware” apps on Google Play

A group of researchers from Coalition founding partner NortonLifeLock, Cornell Tech and New York University have found a large number of Android apps that can be used for stalking and harassment and that include, but aren’t limited to, traditional stalkerware. More than 800 of the apps have since been removed by Google from its Google Play store.

When researchers look for stalkerware on the Internet and on app stores, they typically do so by using search terms that people would use to find such apps, such as “spy on wife”. However, this rather narrowly focuses on one particular kind of app used for stalking.

The approach in this paper is different and used an anonymized dataset provided by NortonLifeLock’s mobile security product of apps found on mobile devices and then assigned a ‘CreepRank’ score depending on how likely an app was to be found on a device with known stalkerware installed. The idea behind this approach being that those installing stalkerware on a subject’s phone will likely install other apps they can use to harass or stalk.

Using this CreepRank, the researchers found 1,095 apps they call ‘creepware’, a category of apps that apart from traditional stalkerware also include apps that can be used to send a large amount of SMS messages or spoof senders, but also apps that were likely used by the phone owner to evade restrictions placed upon them.

The research findings were reported to Google, which found about 75 per cent of them in violation of its policies; these were subsequently removed from Google Play.

The research serves as an important reminder that stalkerware is only one aspect in which digital technology is used in abusive relationships. Both technology companies and those working with abuse survivors are advised to inform themselves of this multifaceted threat to ensure the best help can be provided.