Google Play Store Removes 813 Apps That Qualified as ‘Creepware’, Research Claims

Google has removed a batch of 813 apps from Google Play app store that were identified as ‘creepware’ by a group of researchers who study stalkerware-like apps. The creepware were identified by the researchers via a newly developed algorithm called, CreepRank that detects creepware-like behaviour within mobile apps. The algorithm then gives ‘creep score’ to apps that are analysed and the researchers found over 1,000 apps that qualified as creepware. The researchers describe creepware as apps that can be essentially be used for interpersonal attacks. Creepware apps aren’t necessarily spyware or stalkerware but they can be used used to stalk or threaten another person, directly or indirectly.

The findings were published in an academic paper from the New York University, Cornell Tech, and NortonLifeLock Research Group and were first reported by ZDNet. The research paper notes that the research aims to initiate a larger study of creepware – an area that the authors believe remains “unstudied.” These can be beneficial to improve security on platforms such as Google Play store.

“In this paper, we initiate a study of creepware using access to a dataset detailing the mobile apps installed on over 50 million Android devices. We develop a new algorithm, CreepRank, that uses the principle of guilt by association to help surface previously unknown examples of creepware, which we then characterise through a combination of quantitative and qualitative methods,” the paper highlighted.

What did CreepRank algorithm find?
The researchers in the paper claimed that to run the CreepRank algorithm to study and find creepware, apps installed on roughly 50 million Android devices were analysed. This data (in the form of anonymous data) was provided to the researchers by Norton, a major computer security firm.

It was further stated that “a wide variety of potential creepware apps” were discovered by the algorithm and then 1,000 apps with the highest CreepRank score were manually analysed and coded to understand their nature.

The findings from our manual coding analysis showed that 857 of CreepRank’s top 1,000 apps qualify as creepware, fulfilling a clear purpose pertaining to interpersonal attack or defence. Unsurprisingly, given the seed set, surveillance apps were best represented in the rankings — 372 of the top 1,000 apps — many of which were not identified by prior work,” the research paper noted.

The researchers also claimed that 107 multifaceted surveillance apps affected 172 thousand (over 17 crores) Norton customers in 2017 alone. The nature or sub-category of the remaining creepware apps was also projected in a chart.

“Overall, CreepRank identified more than a million installs of diverse creepware apps, including apps that enable spoofing (114 apps), harassment (80, including SMS bombers), hacking tutorials (63), and many more.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create your website with WordPress.com
Get started
%d bloggers like this: