Google Play Store Removes Seven Stalkerware Apps, Following Avast's Report

In yet another attempt to clean the Play Store of malicious apps, Google has banned more apps after Avast found that they allowed users to stalk others.

Created by a Russian developer, these apps are considered 'stalkerware' because, when installed, they allow users to remotely monitor another person's activities without their consent, from spying on texts, contact lists, photos, call history, GPS location and more.

Even worse, according to BleepingComputer, the apps are also able to intercept messages sent via encrypted services such as WhatsApp and Viber if the target phone is rooted.

There are thousands of apps like these, and following Avast's reports, Google has banned seven of them:

  1. Track Employees Check Work Phone Online Spy Free.
  2. Spy Kids Tracker.
  3. Phone Cell Tracker.
  4. Mobile Tracking.
  5. Spy Tracker.
  6. SMS Tracker.
  7. Employee Work Spy.

Combined, the seven apps have been downloaded and installed by more than 130,000 users, with 'Spy Tracker' and 'SMS Tracker' topping the list as the most popular - managing more than 50,000 installs each, said Avast, the cybersecurity company.

Once installed, stalkers only need to provide an email address and password, so that all the gathered data could be sent to their inbox.

What's more concerning is that once installed, the apps are able to hide all signs of activity. As a result, victims wouldn’t be aware of or able to detect the spying app.

According to Nikolaos Chrysaidos, head of mobile threat intelligence and security at Avast:

"These apps are highly unethical and problematic for people’s privacy and shouldn’t be on the Google Play Store. They promote criminal behavior, and can be abused by employers, stalkers, or abusive partners to spy on their victims. We classify such apps as stalkerware, and using apklab.io, we can identify such apps quickly, and collaborate with Google to get them removed."

Stalkerware

Stalkerware has been around for quite some time, but little research has been done to grasp its true scale.

First, there are only a few differences between commercial spyware (detected by most security software but classified as 'not-a-virus'), such as apps for finding lost phones, and spying malware that works with a command-and-control (C2) server and requires some skill from the user to make the app hidden and malicious.

Both types of 'spyware' programs have been publicly criticized multiple times, yet their status remains largely vague because they overlap in functionality.

The second problem is that some developers market their apps as child-tracking software or something similar. Apps of this kind are marketed as keeping children safe, which allows the developers to pass the Play Store’s automated app detector.

However, the majority of these apps are “dual use” apps, meaning that they masquerade as child safety tools but can also be repurposed for spying on a partner, spouse or anyone else for that matter.

While the developers who create these apps are to blame, responsibility also falls on Google and Apple to prevent stalkerware apps from being available for the vast majority of users to install.

Published: 19/07/2019