This article was published on July 18, 2019

Google has removed 7 ‘stalkerware’ apps from its Play Store


Google has removed 7 ‘stalkerware’ apps from its Play Store

For the ongoing series, Code Word, we’re exploring if — and how — technology can protect individuals against sexual assault and harassment, and how it can help and support survivors.

Google has pulled seven tracking apps from the Play Store after Avast, a cybersecurity company, found they allowed people to stalk on their employees, children, or partner.

Stalkerware, which once seemed inaccessible, now takes the form of applications that allow someone to remotely monitor another person’s activity. For example, one of the apps Google removed was “Spy Kids Tracker,” a parental surveillance app that allowed people to read texts, view photos, and access the GPS location of a phone it had secretly been installed on — and there’s countless more apps out there like this

Combined, the apps pulled from Google’s Play Store had been installed approximately 130,000 times. The most installed apps were “Spy Tracker” and “SMS Tracker,” which had more than 50,000 downloads each.

“These apps are highly unethical and problematic for people’s privacy and shouldn’t be on Google’s Play Store, as they promote criminal behavior, and can be abused by employers, stalkers or abusive partners to spy on their victims,” Avast said in a statement.

There has been little research on stalkerware or attempts to grasp its true scale, but a 2018 study by researchers at Cornell University found that there are dozens of stalkerware tools easily available. But the majority are “dual use” apps masquerading as child safety or anti-theft tools, which can easily be repurposed for spying on a partner or spouse.

Last month, Citizen Labs’ study called “The Predator in your Pocket” found that consumer spyware companies’ blogs and search engine optimization (SEO) content revealed most companies had extensive references to partner monitoring. One company, mSpy, encoded secret HTML text which advertised spousal spying on their website as a way to make their products easily discoverable by people searching for ways to spy on their partners. 

When the researchers viewed the source code for mSpy’s site, they found: “Have you ever considered using SMS tracker to know who your spouse or children are texting with?” This text was originally hidden in the web browser and was only visible when reading the “page’s source code.”

While developers who create these apps are to blame, the responsibility also falls into the hands of Google and Apple to prevent stalkerware apps being available to install. Earlier this year, Google refused to remove Absher, a Saudi Arabian tracking app which limited women’s movement in the country, from its app store as it “did not violate Google’s terms of services.”

Parental apps that claim to keep children safe can be used in not-so-obvious malicious ways which allows them to pass the Play Store’s automated app detector. Although seven stalkerware apps have been removed, this doesn’t mean abusers won’t develop more ways to control and manipulate their partner. 

Like this article and want to see more like it? We have a monthly feminist tech newsletter called “Byte Me” — subscribe here.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with