Seven apps which are suspected stalkerwares are pulled out of Google Play Store after security researchers flagged the said applications for allowing users to stalk their family members, kids, employees, and even their love interests.
On Tuesday, security researchers from Avast reported to Google the existence of four stalkerware, which were later removed by the tech giant from its app marketplace for Android OS. According to Avast, their team was also able to detect three more on Wednesday, which all were reported and removed immediately.
Collectively, the seven apps have been downloaded from the Google Play Store more than 130,000 times, with the most popular apps, Spy Tracker, and SMS Tracker having more than 50,000 downloads each. Nikolaos Chrysaidos, Avast’s head of mobile threat intelligence and security, identified the apps using Avast’s mobile threat detection platform apklab.io.
According to the researchers, the app doesn’t work without a snoop or a person who will physically do some things. “The apps require the snoop to have access to the phone they want to spy on,” they said. The snoop will have to physically and (to stalk, sneakily) get hold of the target’s phone and download the apps from the Google Play Store and install them on the target device. The apps would then prompt to have the snoop input his email address and password to the app so the spyware collected data will be sent there.
“The apps also help the snoop to hide the surveillance by providing directions to uninstall anything noticeable to the phone’s owner. Upon setup there is no app icon, so the targeted person does not see any sign of the stalkerware app installed on their phone,” Avast said in a blog post.
The apps were able to collect information like a person’s location, collect their contacts, SMS, and call history. The published names of the stalker apps are:
- Track Employees Check Work Phone Online Spy Free
- Spy Kids Tracker
- Phone Cell Tracker
- Mobile Tracking
- Spy Tracker
- SMS Tracker
- Employee Work Spy
“These apps are highly unethical and problematic for people’s privacy and shouldn’t be on the Google Play Store,” Chrysaidos said. “They promote criminal behavior and can be abused by employers, stalkers, or abusive partners to spy on their victims. We classify such apps as stalkerware, and using apklab.io, we can identify such apps quickly, and collaborate with Google to get them removed,” said Nikolaos Chrysaidos.
One of the apps, named SMS Tracker, markets itself as an app that would help employers track their employees. It said that it allows employers to monitor how long an employee spends on their phones and messaging apps.
“Our app will help you monitor the work time of your employees to save time and save money. Notify the users of work phones that you are going to install the app. It will teach your employees to use their time at work wisely, to reduce time spent on messengers and arrive to work in time,” reads the app’s description.
Spy Tracker, on the other hand, promises parents the ability to know more about their children and their activities. According to the app description in Google Play, the app aims to protect children from “dangers” of using a cellphone.
“Find out more about your child’s life, interests, friends, and plans. Parents are responsible for every step that their kids make. So this app is created to monitor them and protect them from dangers that can be revealed via cell phone. It is better to talk to children, but if you are not a good listener…”
Meanwhile, another app called Employee Work Spy allegedly helps employers keep their employees loyal to the company because “finding a skilled employee is only half a task. The biggest challenge is to keep him faithful to the company and its mission.”
This is not the first time Google Play Store has pulled out malicious apps off its marketplace. In the past months, Six Android apps that were downloaded more than 90 million times were found to have been loaded with the PreAMo malware. Another recent threat saw 50 malware-laced apps on the Google Play Store, infecting over 30 million Android devices. While all of these apps have already been removed from the Play Store, the danger of having apps with malware in the platform remains to be a cause of trouble for all Android users.