Google bans stalkerware apps from the play store

September 18, 2020

Google has updated its Play Store rules to impose a "formal" ban on stalkerware apps.

Stalkerware is a code that transmits personal information off the device without adequate notice or consent and doesn't display a persistent notification that this is happening. These apps typically transmit data to a party other than the PHA provider. According to Google, acceptable forms of these apps can be used by parents to track their children, however, "these apps cannot be used to track a person (a spouse, for example) without their knowledge or permission unless a persistent notification is displayed while the data is being transmitted."

Now, with Google's ban, only policy compliant apps exclusively designed and marketed for parental (including family) monitoring or enterprise management may distribute on the Play Store with tracking and reporting features, provided they fully comply with the following requirements:

Apps must not present themselves as a spying or secret surveillance solution.
Apps must not hide or cloak tracking behavior or attempt to mislead users about such functionality.
Apps must present users with a persistent notification and unique icon that clearly identifies the app.
Apps and app listings on Google Play must not provide any means to activate or access functionality that violate these terms, such as linking to a non-compliant APK hosted outside Google Play.
You are solely responsible for determining the legality of your app in its targeted locale. Apps determined to be unlawful in locations where they are published will be removed.

Christoph Hebeisen, Director, Security Intelligence Research at Lookout, a San Francisco, Calif.-based provider of mobile phishing solutions, says, “The use of mobile technology for surveillance in abusive relationships is a very disturbing trend. Google's move to limit such apps on Play is a step in the right direction."

For instance, at Lookout, adds Hebeisen, users are alerted about surveillanceware independent of the stated purpose of the app i.e. the same rules apply to child tracking and device theft protection apps. "We consider such apps malicious if the app doesn't show a persistent notification, hides it's icon, masquerades as something other than its true functionality or hides a part of its functionality. We apply this logic no matter if the app has been loaded from an official app store or sideloaded onto the device," says Hebeisen.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Google bans stalkerware apps from the play store

Related Articles

Related Products

Related Events

Report Abusive Comment