No Place to Hide: Privacy Exposure in Anti-stalkerware Apps and Support Websites

  • Conference paper
Secure IT Systems (NordSec 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14324)

Abstract

Stalkerware is malicious software found in mobile devices that monitors and tracks a victim’s online and offline activity. This harmful technology has become a growing concern, jeopardizing the security and privacy of millions of victims and fostering stalking and Intimate Partner Violence (IPV). In response to this threat, various solutions have emerged, including anti-stalkerware apps that aim to prevent and detect the use of monitoring apps on a user’s device. Organizations dedicated to assisting IPV victims have also enhanced their online presence, offering improved support and easy access to resources and materials. Considering how these tools and support websites handle sensitive personal information of users, it is crucial to assess the privacy risks associated with them. In this paper, we conduct a privacy analysis on 25 anti-stalkerware apps and 323 websites to identify issues such as PII leaks, authentication problems and 3rd-party tracking. Our tests reveal that 14/25 apps and 210/323 websites share user information with 3rd-party services through trackers, cookies or session replay. We also identified 44 domains to which sensitive data is sent, along with 3 services collecting information submitted in forms through session replay.

Notes

  1. http://www.downcc.com.

  2. https://stopstalkerware.org/resources.

  3. https://www.bjwomen.gov.cn/, https://hnflw.gov.cn/, https://www.sxwomen.org.cn/, https://www.womenvoice.cn/.

  4. https://easylist.to/.

Acknowledgements

This research was funded by the Office of the Privacy Commissioner of Canada (OPC); we thank them for their trust and support.

Author information

Correspondence to Philippe Mangeard.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Mangeard, P., Yu, X., Mannan, M., Youssef, A. (2024). No Place to Hide: Privacy Exposure in Anti-stalkerware Apps and Support Websites. In: Fritsch, L., Hassan, I., Paintsil, E. (eds) Secure IT Systems. NordSec 2023. Lecture Notes in Computer Science, vol 14324. Springer, Cham. https://doi.org/10.1007/978-3-031-47748-5_2

  • DOI: https://doi.org/10.1007/978-3-031-47748-5_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47747-8

  • Online ISBN: 978-3-031-47748-5

  • eBook Packages: Computer Science, Computer Science (R0)
