What just happened? Google has removed plenty of apps from its Play Store in the past, usually because they contained some form of hidden malware. On this occasion, however, the programs were booted because they could allow users to stalk people.
Threat researchers at antivirus giant Avast discovered seven apps on the Google Play Store that were apparently all built by the same Russian developer. It writes that they could be used to stalk employees, romantic partners, or kids without their knowledge.
Avast reported all of the apps to Google as soon as they were discovered. The tech giant quickly removed them from its Play Store, but they had already been downloaded a total of 130,000+ times, with two of them— Spy Tracker and SMS Tracker—each having gained over 50,000 installs.
The apps require a person to have access to a target’s phone so they can be downloaded and installed. There’s little sign of the software on the device—no icons, for example—and they even advise the snoopers on how to hide evidence of the installs. The apps can then track a person’s location, collect their contacts, look at SMS messages, and see their call history, sending the data back to the attacker.
While the apps were pushed as ways to monitor children or employees, Nikolaos Chrysaidos, Avast’s head of mobile threat intelligence and security, said "they promote criminal behavior, and can be abused by employers, stalkers or abusive partners to spy on their victims."
"Some of these apps are offered as parental control apps, but their descriptions draw a different picture, telling users the app allows them to ‘keep an eye on cheaters’. We classify such apps as stalkerware, and using apklab.io we can identify such apps quickly, and collaborate with Google to get them removed.”
Yesterday brought news that Google had banned a large Chinese app maker from its store for swamping users with disruptive ads.
Image credit: Artem Oleshko via Shutterstock