A new algorithm has detected apps that put people at risk of stalking and harassment; Google later removed them as a threat to Android users.
New York University's Cornell Tech researchers teamed up with NortonLifeLock to discover hundreds of creepware apps available on the Android Play Store. Google later removed these apps, according to PCMag.
The researchers created CreepRank, an algorithm that assigns a "creep score" to apps that it believes may qualify as creepware. According to a ZDNet report, creepware is an app that allows direct or indirect stalking, harassing, defrauding, or threatening of another person. Although it enables abuse, it does not have the full set of features needed to be classified as spyware or a serious threat.
The researchers wrote that while there are numerous studies on spyware, a larger number of apps, which they labeled as creepware, remain untouched.
In their paper, the researchers explained that creepware exists to facilitate "non-expert users to mount interpersonal attacks." Common creepware functions include masking a phone's number (spoofing) and spamming someone's inbox with thousands of SMS messages (SMS bombing); the category also includes hacking tutorial apps.
They then created an algorithm called CreepRank, which assigns a "creep score" to apps that the team believes to be creepware. The researchers then ranked the apps by their creep scores to identify the ones that could be abused for tracking or harassing users.
The research, entitled "The Many Kinds of Creepware Used for Interpersonal Attacks," which is the basis of last year's report, was published online earlier this month.
"[Our] findings and techniques improve understanding of the creepware ecosystem, and will inform future efforts that aim to mitigate interpersonal attacks," the researchers wrote in their paper.
CreepRank's First Success
NortonLifeLock provided anonymized data taken from 50 million Android devices running Norton Mobile Security, which researchers used to test the CreepRank algorithm.
They discovered that out of the top 1,000 CreepRank scores, 857 turned out to be legitimate apps, although the "creepware" functions are the primary focus of the app and its marketing.
After examining app data sets from 2017, 2018, and 2019, the team sent Google a list of 1,095 apps that have creepware features. These creepware apps account for more than one million installs on Android devices across the globe.
Google's security team took down 813 apps in September for violating the Play Store's terms and conditions, which validated the algorithm's efficiency. Meanwhile, NortonLifeLock has added CreepRank to its Mobile Security software.
NortonLifeLock is also one of the 10 founding members of the Coalition Against Stalkerware. The cyber-security industry group was created in November and aims to fight the rise and prevalence of stalkerware apps.
The Future of CreepRank
Ideally, adding CreepRank to Google's testing procedure for new app listings would mean creepware apps are less likely to reach the market or be installed on Android phones.
In the meantime, Google can continue running CreepRank on the Play Store and respond quickly to any new threats it reports.