Antivirus firm Avast revealed on Wednesday that its researchers recently uncovered seven so-called “stalkerware” apps on the Google Play Store, all of which have now been removed by the web giant.
Collectively, the apps had been downloaded 130,000 times, suggesting plenty of people may still be using them. Spy Tracker and SMS Tracker were the most popular, reaching a combined total of 50,000 downloads.
In a blog post describing its findings, Avast’s Jeff Elder wrote that the apps are most likely used by people keen to stalk a partner, family members, or employees without them knowing.
To use such an app, the snoop must first gain access to the target device so that they can install the spy software.
The software can operate without the phone user’s knowledge, as there’s no app icon left on the handset or any other indication that the device is being tracked. This is because the initial download — onto the target device — directs the snoop to another site to install the actual stalkerware. Once the download is complete, the snoop is prompted to delete the initial installation, which includes the app icon.
And it’s not just the phone’s location that the snoop can track. The apps also give access to a handset’s contact list, as well as its SMS and call history.
Commenting on the discoveries, Nikolaos Chrysaidos, Avast’s head of mobile threat intelligence and security, said: “These apps are highly unethical and problematic for people’s privacy and shouldn’t be on the Google Play Store,” adding, “They promote criminal behavior, and can be abused by employers, stalkers, or abusive partners to spy on their victims.”
Google has a team dedicated to keeping malicious apps out of the Play Store. Earlier this year, Google Play product manager Andrew Ahn said the company is working on enhancing its abuse detection technologies and machine learning systems, and also expanding its team of product managers, engineers, policy experts, and operations leaders tasked with keeping dodgy apps out of its Android store.
But the endless uploading of such software can make it a challenging job at times. In 2017, Google revealed it deleted a staggering 700,000 malicious apps from its online store, with 100,000 developers banned from submitting new software in the future.
We’ve reached out to Google to find out more about its latest efforts to purge the Play Store of stalkerware apps and will update if we hear back.
If you’re concerned about the safety of apps you’re downloading from the Play Store, we suggest you stick with well-known brands, or hit the web to search for reviews of the app you’re interested in to confirm its validity.