Advertising for software and hardware designed to stalk and spy on people will soon be banned on Google.
Promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization will be prohibited on the platform starting Aug. 11, the company, which is owned by Alphabet, announced Friday in its ads policies center.
Under a change in the Google Ads Enabling Dishonest Behavior policy, the ban will include advertising for spyware or malware used to monitor texts, phone calls, or browsing history, as well as hardware, such as GPS trackers specifically marketed to spy or track someone without their consent, and surveillance equipment — cameras, audio recorders, dash cams, nanny cams — marketed with the express purpose of spying.
The ban doesn’t include advertising for private investigation services or products designed for parents to track or monitor children.
Google noted that violators of the policy will receive at least seven days notice before their account on the platform is suspended.
Security blogger Graham Cluley pointed out that the exemption for software that allows parents to track their children could be a big loophole in the new policy.
To dodge the policy, he wrote in his blog, “all a stalkerware company needs to do is pose as a ‘family safety’ app, which helps you keep track of your young children.”
“Sadly, I doubt Google’s ad ban will stop stalkerware apps from promoting themselves, it’s just they may no longer be able to be quite so explicit in their online adverts about how they are most likely to be used,” he added.
There may be other loopholes, too.
“Google is banning ads from app developers and about the apps themselves, but what about the ads about the blog with an article on the top 10 surveillance apps to download?” asked Liz Miller, vice president and a principal analyst with Constellation Research, a technology research and advisory firm in Cupertino, Calif.
“That isn’t about an app. It’s about content,” she told TechNewsWorld. “Is that going to be a loophole?”
“This is a great headline maker,” she added, “but the reality is I can still search for ‘spy app’ and they’re still going to come up in my Google search results.”
Miller maintained Google’s new policy is looking beyond malicious persons.
“What Google is responding to is the realization that these apps are being used not only by individuals who have malicious intent, but also criminal enterprises — especially when you start talking about apps that allow you to follow and track an individual’s movements and see content on their devices without their knowing about it,” she said.
“That’s a very slippery slope into some very dangerous privacy territory that Google doesn’t want anything to do with,” she added.
Software for spying and stalking people is a very serious problem, observed David Ruiz, a blogger for Malwarebytes Labs, a cybersecurity software maker based in Santa Clara, Calif.
“The capabilities of these types of apps are nearly limitless — they can pull text messages, emails, and call logs; reveal sensitive photos and videos; expose web browsing history; and pinpoint a person’s GPS location,” he told TechNewsWorld.
“In the hands of an abuser,” he continued, “these types of apps could make safety planning for a survivor extremely difficult, dismantling their attempts to privately call a domestic abuse hotline, find help from a friend or family member, or to physically escape.”
The damage caused by the spying and stalking software can be severe, added Chlo Messdaghi, vice president of strategy at Point3 Security, a provider of training and analytic tools to the security industry located in Baltimore, Md.
“It gives someone the power to abuse a victim psychologically, which affects them physically and emotionally for years and years,” she told TechNewsWorld.
“And when victims go to the FBI and device manufacturers and carriers, more often than not, they get no response,” she said.
“Google should have done this years ago. It’s illegal,” she observed. “A lot of us in the security space are astounded that companies still allow stalkerware to exist in their shops or their sites may carry ads for it.”
The stalkerware problem has prompted an industry response.
“To further improve the detection of such software in the cybersecurity industry, many organizations are joining the Coalition Against Stalkerware to share their knowledge and protect users against stalkerware,” explained Tara Hairston, head of government relations for Kaspersky Lab North America, an information security software company located in Woburn, Mass.
“Beyond detection, further research on the link between cyberviolence, physical violence, and the gendered nature of stalkerware use is crucial in order to develop a clearer picture and better understanding of this issue,” she told TechNewsWorld.
Fall and Rise of Stalkerware
Hairston noted that Kaspersky saw a decline in stalkerware infections among its global mobile users during the first four months of 2020, to 8,163 in April from 11,532 in January.
“It is our educated guess that this decrease may be related to the lockdown situation around the globe,” she said.
Since most stalkerware is used to spy on an intimate partner, she continued, “nowadays the need for this type of app should be declining. There is no necessity to spy on partners when they’re locked down together.”
That trend may be changing, though, a report released by another cybersecurity company, Avast, found a 51 percent increase in the United States in the use of software for spying and stalking individuals from March to June, compared to the first two months of the year.
James McQuiggan, the security awareness advocate at KnowBe4, a security awareness training company located in Clearwater, Fla., noted that the pandemic has created a fertile environment for malicious actors intent on spreading bad apps.
“Knowing that most people who use the Internet throughout the day are people at work, it’s become a target-rich environment for cyber criminals,” he told TechNewsWorld.
“End users are more exposed and vulnerable at home than inside a building with coworkers, IT support, and network protections,” he explained.