On the popular Netflix series You, a stalker accesses his girlfriend’s texts by stealing her phone. (To the woe of viewers, she fails to unsync the missing device from her iCloud account before replacing it.) Later, he installs spyware on his neighbor’s phone to read her text messages and track her whereabouts. Though it’d be nice to pretend that such people don’t exist in real life, stalkerware is a serious problem. In fact, a woman whose partner installed stalkerware on her phone told a British publication that You was “scarily accurate.”
Now Google is making it more difficult for people to spy on their significant others and exes. Effective Aug. 11, the search giant will ban ads on most stalkerware apps.
Once installed, stalkerware lets users spy on targets’ text messages, call logs, photos and videos, location data, and what they type into their phone (yes, including important passwords). While some apps require that the stalker have physical access to their target’s phone, that’s not always the case. Some let a user send their target a link that’s camouflaged as something harmless. Once clicked, the link downloads stalkerware onto the device.
Many stalkerware apps are already banned from the App Store and the Play Store, making them harder to find. That’s where the Google ad ban comes in: Companies promoting stalkerware apps can no longer redirect users to third-party sources where their services are available.
A February poll from the software company NortonLifeLock found that one in 10 Americans have used stalkerware to keep tabs on their significant other or ex. The results can be terrifying and life-threatening. In 2019, the BBC described how a woman’s husband used surveillance software to track her every move. That same year, someone told the MIT Technology Review that, with the help of a stalkerware app, her boyfriend “knew where I was at all times, who I was talking to on email, text messages, social media—all of it. He could see everything. I had no privacy.”
Stalkerware has reportedly surged during the COVID-19 lockdown. The internet security company Avast says it has seen a 51 percent uptick in stalkerware usage between March and June. According to CyberScoop, the California-based company Malwarebytes reported a 190 percent spike in stalkerware detections on customers’ devices since lockdown began. The director of protection labs and quality assurance at Avira, Alex Vukcevic, told CyberScoop, “When many countries were starting to announce the lockdowns, we see a parallel between that and the [stalkerware] installation rates.”
Unfortunately, Google’s updated advertising policy contains a loophole. It bans “the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.” But it does not include private investigation and child monitoring apps—which can be used for stalking, too. A study from 2018 warns of “dual-use” apps, which are advertised for nonmalicious services but can easily be repurposed by stalkers. An October 2019 article from the BBC warned that many stalkerware companies advertise their products as “parental control” or “employee monitoring” services.
As Ars Technica points out, “the popularity of ‘dual use’ apps, as described by the study, also effectively makes Google’s ban on stalkerware ads toothless, as many tracking apps already claim to have a legitimate use for parents or investigators.”