The many kinds of creepware used for interpersonal attacks

Kevin A. Roundy, Paula Barmaimon Mendelberg, Nicola Dell, Damon McCoy, Daniel Nissani, Thomas Ristenpart, Acar Tamersoy

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Technology increasingly facilitates interpersonal attacks such as stalking, abuse, and other forms of harassment. While prior studies have examined the ecosystem of software designed for stalking, there exists an unstudied, larger landscape of apps - what we call creepware - used for interpersonal attacks. In this paper, we initiate a study of creepware using access to a dataset detailing the mobile apps installed on over 50 million Android devices. We develop a new algorithm, CreepRank, that uses the principle of guilt by association to help surface previously unknown examples of creepware, which we then characterize through a combination of quantitative and qualitative methods. We discovered apps used for harassment, impersonation, fraud, information theft, concealment, and even apps that purport to defend victims against such threats. As a result of our work, the Google Play Store has already removed hundreds of apps for policy violations. More broadly, our findings and techniques improve understanding of the creepware ecosystem, and will inform future efforts that aim to mitigate interpersonal attacks.

    Original languageEnglish (US)
    Title of host publicationProceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages626-643
    Number of pages18
    ISBN (Electronic)9781728134970
    DOIs
    StatePublished - May 2020
    Event41st IEEE Symposium on Security and Privacy, SP 2020 - San Francisco, United States
    Duration: May 18 2020May 21 2020

    Publication series

    NameProceedings - IEEE Symposium on Security and Privacy
    Volume2020-May
    ISSN (Print)1081-6011

    Conference

    Conference41st IEEE Symposium on Security and Privacy, SP 2020
    Country/TerritoryUnited States
    CitySan Francisco
    Period5/18/205/21/20

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Software
    • Computer Networks and Communications

    Fingerprint

    Dive into the research topics of 'The many kinds of creepware used for interpersonal attacks'. Together they form a unique fingerprint.

    Cite this