Google updates Play Store rules to impose "official" ban on apps stalkerware, but apparently the company left a fairly large gap as it allows them to upload stalkerware in the Play Store as child monitoring applications.
The Stalkerware is a term used to describe applications that monitor a user's movements, monitor calls, messages, and record the activity of other applications.
The Stalkerware, also known as spouseware, is commonly advertised to users as a way to find out who is stealing partners, watching children when they are away from home or employees at work.
The main feature of all applications stalkerware, whether intended for use on smartphones or laptops, is that these applications can be installed and run without the knowledge of the device owner. Also these applications run in the background of any operating system.
Over the past decade, the Play Store has hosted hundreds of applications stalkerware.
Google, which was trying to remove the applications stalkerware reported by security investigators, he usually refrained from making public statements on the matter.
However today in a updating the Programmer Program Policy, Google states that all applications that monitor users and send their data to another device must include "consent" and display a "persistent notice" that the user's actions are being monitored by the application.
The new rules, which will take effect next month, on October 1, ban applications stalkerware, negating their ability to install and operate without being detected when installed on devices. If user tracking applications do not have these changes, they will not go through the approval process to appear in the Play Store.
But while the new rules seem a step in the right direction, Google has also left a gap that could be abused by the devs of stalkerware.
According to Google, apps that monitor children can continue to run without asking for the user's consent or displaying a persistent on-screen alert. Adult monitoring applications must include both components, according to the company.
In other words, there is nothing to stop one stalkerware dev from rebranding its application to continue running smoothly.
In fact, today's announcement is more like an update for all malware developers than a real ban on stalkerware, with application developers having almost two weeks to comply with the rules.
This exception for child tracking applications is the same gap left by Google in a similar ban on ads stalkerware on July. A survey by TechCrunch found out that the ban on advertising stalkerware was never imposed, which raises questions about whether what the company says applies or is more about Public Relations.