These apps allow people to be stalked and harassed, but it required a new algorithm to discover and remove them as a threat to Android users.
Academic researchers from New York University, Cornell Tech, and NortonLifeLock have discovered hundreds of so-called creepware apps available on the Android Play Store, which Google has since removed.
Creepware refers to any app that is able to “stalk, harass, defraud, or threaten another person, directly or indirectly,” but isn’t fully featured enough to class as spyware. In other words, these apps enable abuse, but need to be combined with other apps to be counted as a serious threat. That is, until now.
The researchers explain in their paper that creepware exists for “enabling non-expert users to mount interpersonal attacks,” and they created an algorithm called CreepRank, which awards a “creep score” to apps it believes may class as creepware. Examples of common creepware functionality include spoofing (masking a phone’s number), SMS bombing (spamming someone’s inbox with thousands of SMS messages), and apps allowing access to hacking tutorials.
To test the CreepRank algorithm, the research team used anonymized data provided by NortonLifeLock and taken from 50 million Android devices running Norton Mobile Security. They discovered that 857 of the top 1,000 CreepRank scores turned out to be legitimate creepware apps. In total, Google was sent 1,095 apps the team believed were creepware, of which Google removed 813 from the Play Store. That happened in September last year, and NortonLifeLock proceeded to add CreepRank to its Mobile Security software.
Hopefully, the research team can continue to run CreepRank on the whole of the Play Store and have Google respond quickly to any new threats reported. Ideally, Google adding CreepRank as part of its testing procedure for new app listings would mean such apps are much less likely to make it onto the store and be installed on our Android phones.