The group, which was made up of academics and researchers from NYU, Cornell Tech and NortonLifeLock, has published a new paper based on their research titled “The Many Kinds of Creepware Used for Interpersonal Attacks”.
While similar, creepware differs from both spyware and stalkerware due to the fact that these mobile apps lack some of the features used to spy on users. However, creepware can still be used to directly or indirectly stalk, harass, defraud or threaten another person online.
- Google clamps down on Android app access to personal data
- Google Play Protect blocked 1.9 billion malware installs last year
- Also check out the best Android antivirus apps
To identify creepware more effectively, the research team developed an algorithm named CreepRank that is able recognize these kinds of apps and assign a creep score to each one. CreepRank has the ability to identify apps with features that can be abused to extract SMS messages from a device, spoof another user's identity in chats, launch denial-of-service attacks, hide other apps, track location and more.
Searching for creepware
In order to find creepware apps in the real world, the research team ran CreepRank on a sample of anonymized data, provided by NortonLifeLock from devices running Norton Mobile Security, from apps installed on over 50m Android smartphones.
The CreepRank algorithm then calculated a creep score for each app and the researchers ranked these apps to find out which ones could be abused to track or harass users. By analyzing the top 1,000 apps based on their creep score, the researchers found that 857 of them qualified as creepware. To make matters worse, the creepware functions took a central role in these apps and some even promoted these features in their marketing.
The researchers then applied the CreepRank algorithm to app data sets from 2017, 2018 and 2019 to discover 1,095 creepware apps that accounted for more than 1m installs across real-world devices. Following its discovery, the research team notified Google about these 1,095 apps last summer and the search giant's security team took down 813 of them for violating the terms and conditions of the Play Store.
Dangerous Android apps can pose a significant security and privacy risk to users but thankfully Google has made a concerted effort to rid the Play Store of bad apps.
- We've also highlighted the best antivirus software
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.