Google has updated the Play Store rules to impose an "official" ban on stalkerware applications, but the company appears to have left a large gap as it allows them to upload stalkerware to the Play Store as child monitoring applications.
Stalkerware is a term used to describe applications that track a user's movements, monitor calls, messages, and record the activity of other applications.
Stalkerware, also known as spouseware, is commonly advertised to users as a way to find out who is stealing partners, watching children when they are away from home or employees at work.
The main feature of all applications stalkerware, whether intended for use on smartphones or laptops, is that these applications can be installed and run without the knowledge of the device owner. Also these applications run in the background of any operating system.
Over the past decade, the Play Store has hosted hundreds of stalkerware applications.
Google, which was trying to remove the stalkerware apps that reported them researchers security, has usually avoided making public statements on the matter.
However today in a updating the Programmer Program Policy, Google reports that all apps that track users and send them data them on another device must include “consent” and display a “persistent notification” that the user's actions are being tracked by the app.
The new rules, which take effect next month, October 1, ban stalkerware applications, depriving them of the ability to install and operate without being detected when installed on devices. If user tracking apps do not have these changes, they will not go through the approval process to appear in the Play Store.
But while the new rules seem a step in the right direction, Google has also left a gap that could be abused by stalkerware devs.
According to Google, apps that monitor children can continue to run without asking for user consent or displaying a persistent notification on the screen. Adult monitoring apps should include both data, according to the company.
In other words, there is nothing to prevent a stalkerware dev from rebranding his application to continue running smoothly.
In fact, today's announcement feels more like an update for all malware developers than one real ban on stalkerware, with app developers having almost two weeks to comply with the rules.
This exception for child tracking applications is the same gap left by Google in a similar ban it imposed on stalkerware ads in July. A survey by TechCrunch he found that the ban on stalkerware ads was never enforced, which raises questions about whether what the company says applies or is more about PR.
