New algorithm discovers hundreds of ‘creepware’ Android applications

Academic researchers from New York University, Cornell Tech and NortonLifeLock have discovered hundreds of the so-called creepware applications available on the Android Play Store, which Google has since removed.

As ZDNet reports, creepware refers to any application that is capable of “stalking, harassing, defrauding, or threatening another person, directly or indirectly,” but does not have all the features sufficient to classify as spyware. In other words, these apps allow abuse, but they must be combined with other apps to be considered a serious threat, that is, until now.

The researchers explain in their article that creepware exists to “allow non-expert users to carry out interpersonal attacks” and created an algorithm called CreepRank, which gives a “creep score” to applications that it believes can be classified as creepware. Examples of common creepware functionality include phishing (masking a phone number), SMS bombardment (spamming someone’s inbox with thousands of SMS messages), and applications that allow access to hacking tutorials.

To test the CreepRank algorithm, the research team used anonymous data provided by NortonLifeLock and taken from 50 million Android devices with Norton Mobile Security. What they discovered was that 857 of the top 1,000 CreepRank scores turned out to be legitimate creepware applications. In total, Google received 1,095 applications that the team believed to be creepware, of which Google removed 813 from the Play Store. That happened in September last year, and NortonLifeLock proceeded to add CreepRank to their Mobile Security software.

Hopefully, the research team can continue to run CreepRank across the Play Store and get Google to respond quickly to any new reported threats. Ideally, adding Google CreepRank as part of its testing procedure for new app listings would mean those apps are much less likely to hit the store and install on our Android phones.

This article originally published on PCMag
here