Google Removes Stalkerware Ads - Phone Spying Apps Banned

Google Removes Ads for Spyware Targeting Spouses

Google has recently removed multiple advertisements for applications categorized as “stalkerware” due to violations of its advertising policies. These apps were found to be promoting the ability to monitor a spouse’s phone activity without their knowledge.

The Dual Nature of Monitoring Apps

Many consumer-level spyware applications are initially presented as tools for parental control. They are marketed to parents who wish to oversee their children’s digital activities, including calls, messages, app usage, photos, and location, often with the stated intention of protecting them from online dangers.

However, these same applications are frequently exploited by individuals in abusive relationships to secretly monitor their partners’ phones. This misuse has led to growing concern and action within the tech industry.

Industry Response to “Stalkerware”

The increasing prevalence of “stalkerware,” also known as “spouseware,” has spurred a broader industry response aimed at curbing its spread.

• Antivirus Software: Developers of antivirus programs are enhancing their detection capabilities to identify and flag stalkerware.
• Federal Authorities: Law enforcement agencies are taking steps against manufacturers of spyware that pose security risks to victims.

Last August, Google implemented a ban on advertisements within search results for apps specifically designed to track or monitor individuals without their consent.

Recent Policy Violations

Despite the ban, TechCrunch reported discovering five app developers still advertising their stalkerware products as recently as the previous week.

A Google spokesperson stated, “We do not permit advertisements that promote spyware intended for partner surveillance. The ads that breached this policy were promptly removed, and we will continue to monitor for evolving tactics used by malicious actors to circumvent our detection systems.”

Policy Nuances and Exemptions

Google’s policy regarding dishonest behavior, which encompasses the promotion of spyware, prohibits ads promoting surveillance of intimate partners. However, it does allow advertising for tracking a child’s activities or monitoring employees’ devices in the workplace.

The policy also provides an exemption for legitimate private investigation services, although Google did not elaborate on how it verifies the intended use of an application.

Concerns Regarding Policy Enforcement

Advocates for stronger action against stalkerware have voiced concerns about the effectiveness of Google’s policy enforcement.

Malwarebytes, a founding member of the Coalition Against Stalkerware, argued last year that the policy was “incomplete” because it allowed stalkerware developers to “modify their marketing without altering the underlying technology.”

Google’s Enforcement Methods

The Google spokesperson declined to detail the specifics of its enforcement procedures. However, they indicated that the company assesses a combination of factors, including the ad’s text and imagery, the product’s promotion, and the content of the landing pages linked from the ads.

Evasion Techniques Employed by Stalkerware Developers

TechCrunch’s investigation revealed that several stalkerware applications utilized various methods to circumvent Google’s advertising ban and secure ad approval.

For example, mSpy, a spyware app previously involved in a significant security breach in 2018, directed Google ads to an intermediary web page on a different domain than its official website. This tactic hindered Google’s ability to identify the app’s marketing to those seeking to monitor “kids, husband or wife, grandma or grandpa.”

ClevGuard, another stalkerware developer that experienced a data leak affecting thousands of users in 2020, ran Google ads linking to a page on its website explicitly stating the app could be used to “dispel any doubts in a relationship.” This page was intentionally excluded from Google’s search index using a “robots” file.

TechCrunch identified two additional stalkerware apps employing the same technique, which Google confirmed also violated its policies.

Overt Advertising of Spyware

Some advertisements were more direct in their messaging. PhoneSpector, a spyware company located in Long Island, New York, ran ads promoting the app as a means to “catch a cheater.”

Penalties for Policy Violations

As of September, Google announced it will suspend the accounts of advertisers who repeatedly violate its ad policies, including those promoting spyware for spouse targeting, for a period of three months.

Requests for comment from the stalkerware companies involved were unanswered.