Google removed a batch of 813 "creepware" apps from the official Android Play Store last year, following a report from a group of academics studying stalkerware-like apps.
The research behind last year's report was published online this month in a paper titled "The Many Kinds of Creepware Used for Interpersonal Attacks."
In the paper, academics from New York University, Cornell Tech, and NortonLifeLock (formerly Symantec) analyzed so-called "creepware" apps.
The term creepware refers to mobile apps that don't possess the full features of a spyware or stalkerware product but can still be used to stalk, harass, defraud, or threaten another person, directly or indirectly.
The CreepRank algorithm
The research team says it developed an algorithm named CreepRank that identifies creepware-like behavior inside mobile apps, and then assigns a creep score to each app.
For example, the CreepRank algorithm can identify apps with features that can be abused to extract SMS messages from a device, spoof another user's identity in IM/SMS chats, launch denial-of-service attacks (SMS/IM bombs, etc.), hide other apps, control access to other apps, track location, and more.
Apps implementing these features do not qualify as spyware or stalkerware (spouseware) on their own, but they still enable some form of abuse, or they could be combined with others for more intrusive behaviors.
Academics searched for creepware on 50 million devices
After developing the CreepRank algorithm, the research team used it to identify creepware apps in the real world.
The research team did this by running CreepRank on a sample of anonymized data from apps installed on more than 50 million Android smartphones. This data was provided by NortonLifeLock, and came from real-world devices running the Norton Mobile Security mobile antivirus.
For each app, the CreepRank algorithm calculated a creep score, and