TY - GEN
T1 - The many kinds of creepware used for interpersonal attacks
AU - Roundy, Kevin A.
AU - Mendelberg, Paula Barmaimon
AU - Dell, Nicola
AU - McCoy, Damon
AU - Nissani, Daniel
AU - Ristenpart, Thomas
AU - Tamersoy, Acar
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/5
Y1 - 2020/5
N2 - Technology increasingly facilitates interpersonal attacks such as stalking, abuse, and other forms of harassment. While prior studies have examined the ecosystem of software designed for stalking, there exists an unstudied, larger landscape of apps - what we call creepware - used for interpersonal attacks. In this paper, we initiate a study of creepware using access to a dataset detailing the mobile apps installed on over 50 million Android devices. We develop a new algorithm, CreepRank, that uses the principle of guilt by association to help surface previously unknown examples of creepware, which we then characterize through a combination of quantitative and qualitative methods. We discovered apps used for harassment, impersonation, fraud, information theft, concealment, and even apps that purport to defend victims against such threats. As a result of our work, the Google Play Store has already removed hundreds of apps for policy violations. More broadly, our findings and techniques improve understanding of the creepware ecosystem, and will inform future efforts that aim to mitigate interpersonal attacks.
AB - Technology increasingly facilitates interpersonal attacks such as stalking, abuse, and other forms of harassment. While prior studies have examined the ecosystem of software designed for stalking, there exists an unstudied, larger landscape of apps - what we call creepware - used for interpersonal attacks. In this paper, we initiate a study of creepware using access to a dataset detailing the mobile apps installed on over 50 million Android devices. We develop a new algorithm, CreepRank, that uses the principle of guilt by association to help surface previously unknown examples of creepware, which we then characterize through a combination of quantitative and qualitative methods. We discovered apps used for harassment, impersonation, fraud, information theft, concealment, and even apps that purport to defend victims against such threats. As a result of our work, the Google Play Store has already removed hundreds of apps for policy violations. More broadly, our findings and techniques improve understanding of the creepware ecosystem, and will inform future efforts that aim to mitigate interpersonal attacks.
UR - http://www.scopus.com/inward/record.url?scp=85091590485&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85091590485&partnerID=8YFLogxK
U2 - 10.1109/SP40000.2020.00069
DO - 10.1109/SP40000.2020.00069
M3 - Conference contribution
AN - SCOPUS:85091590485
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 626
EP - 643
BT - Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 41st IEEE Symposium on Security and Privacy, SP 2020
Y2 - 18 May 2020 through 21 May 2020
ER -