Google has removed a batch of 813 apps from Google Play app store that were identified as ‘creepware’ by a group of researchers who study stalkerware-like apps. The creepware were identified by the researchers via a newly developed algorithm called, CreepRank that detects creepware-like behaviour within mobile apps. The algorithm then gives ‘creep score’ to apps that are analysed and the researchers found over 1,000 apps that qualified as creepware. The researchers describe creepware as apps that can be essentially be used for interpersonal attacks. Creepware apps aren’t necessarily spyware or stalkerware but they can be used used to stalk or threaten another person, directly or indirectly.
The findings were published in an academic paper from the New York University, Cornell Tech, and NortonLifeLock Research Group and were first reported by ZDNet. The research paper notes that the research aims to initiate a larger study of creepware – an area that the authors believe remains “unstudied.” These can be beneficial to improve security on platforms such as Google Play store.
“In this paper, we initiate a study of creepware using access to a dataset detailing the mobile apps installed on over 50 million Android devices. We develop a new algorithm, CreepRank, that uses the principle of guilt by association to help surface previously unknown examples of creepware, which we then characterise through a combination of quantitative and qualitative methods,” the paper highlighted.
What did CreepRank algorithm find?
The researchers in the paper claimed that to run the CreepRank algorithm to study and find creepware, apps installed on roughly 50 million Android devices were analysed. This data (in the form of anonymous data) was provided to the researchers by Norton, a major computer security firm.
It was further stated that “a wide variety of potential creepware apps” were discovered by the algorithm and then 1,000 apps with the highest CreepRank score were manually analysed and coded to understand their nature.
“The findings from our manual coding analysis showed that 857 of CreepRank’s top 1,000 apps qualify as creepware, fulfilling a clear purpose pertaining to interpersonal attack or defence. Unsurprisingly, given the seed set, surveillance apps were best represented in the rankings — 372 of the top 1,000 apps — many of which were not identified by prior work,” the research paper noted.
The researchers also claimed that 107 multifaceted surveillance apps affected 172 thousand (over 17 crores) Norton customers in 2017 alone. The nature or sub-category of the remaining creepware apps was also projected in a chart.
“Overall, CreepRank identified more than a million installs of diverse creepware apps, including apps that enable spoofing (114 apps), harassment (80, including SMS bombers), hacking tutorials (63), and many more.”
The paper suggested that there are apps that have the ability to defend against interpersonal attacks, such as anti-surveillance apps and apps that deal with ‘SMS bombing’. But these are yet to be studied and analysed using CreepRank.
Results of CreepRank algorithm findings
The researchers claimed that the team notified Google about the 1,095 apps that qualified as creepware.
“We also reported 1,095 apps to Google via a responsible disclosure process, and they removed 813 apps for violating the Google Play store’s terms and conditions.”
The researchers also claimed that the team explored the landscape of creepware that they believe remain largely unstudied. It was also noted that algorithms such as CreepRank can be useful for app stores and anti-virus vendors to improve safety for mobile device users.