“Creeperware” apps are making a comeback on Google Play Store

Back in 2019, after cybersecurity researchers notified Google that they were publishing dangerous and malicious apps, the Google Play Store removed more than 1,000 apps that were found to be surveilling, monitoring, and harassing users. This was probably their biggest purge even as some of the apps were not initially punished because they didn’t violate guidelines technically. But now it looks like some of these apps may be making a comeback under different names but doing the same possibly dangerous functions.

Researchers dubbed these apps as “creeperware” since that’s what most of them are basically doing, creeping up on users and their privacy. A lot of the apps are used for spying on people, spoofing phone numbers, and even secretly recording video and audio. While some were created basically for parents to check up on their kids (although that in itself is debatable) they are often abused and misused to spy on partners or strangers that more often than not have no idea they’re being digitally stalked.

Having these apps get past the controls of Google Play Store is due to the open nature of Android’s system. As opposed to the stricter nature of Apple’s App Store, Google allows a bit more leeway for its OS and the apps that can be installed on it. While they automatically scan the apps submitted for potentially malicious codes, developers have been known to game the system and get past that. Hence the presence of apps like Catch Cheating Spouse and other similar apps with their “stalkerware packages”.

The current system is lacking other indicators that an app can be used to stalk and abuse people. So the researchers that uncovered the 1,095 creeperware apps last year have created a custom-based algorithm called CreepRank that analyzed an anonymized database of apps installed on 50 million Android devices. Prominent categories of apps they discovered are child-tracking and number spoofer apps. And a lot of them are back on the Google Play Store and have been downloaded by millions of users.

Google has been introducing new things like Play Protect which scans and protects users from malicious apps outside of the Play Store but they need to be able to detect such apps within their eco-system as well. Experts are saying there has to be a system-level change in order to protect users from installing or getting stalked by these apps.