The Community for Technology Leaders
2018 IEEE Symposium on Security and Privacy (SP) (2018)
San Francisco, CA, US
May 21, 2018 to May 23, 2018
ISSN: 2375-1207
ISBN: 978-1-5386-4353-2
pp: 993-1010
Rahul Chatterjee , Cornell Tech
Hadas Orgad , Technion
Sam Havron , Cornell University
Jackeline Palmer , Hunter College
Diana Freed , Cornell Tech
Karen Levy , Cornell University
Nicola Dell , Cornell Tech
Thomas Ristenpart , Cornell Tech
ABSTRACT
Survivors of intimate partner violence increasingly report that abusers install spyware on devices to track their location, monitor communications, and cause emotional and physical harm. To date there has been only cursory investigation into the spyware used in such intimate partner surveillance (IPS). We provide the first in-depth study of the IPS spyware ecosystem. We design, implement, and evaluate a measurement pipeline that combines web and app store crawling with machine learning to find and label apps that are potentially dangerous in IPS contexts. Ultimately we identify several hundred such IPS-relevant apps. While we find dozens of overt spyware tools, the majority are "dual-use" apps - they have a legitimate purpose (e.g., child safety or anti-theft), but are easily and effectively repurposed for spying on a partner. We document that a wealth of online resources are available to educate abusers about exploiting apps for IPS. We also show how some dual-use app developers are encouraging their use in IPS via advertisements, blogs, and customer support services. We analyze existing anti-virus and anti-spyware tools, which universally fail to identify dual-use apps as a threat.
INDEX TERMS
Spyware, Android-Spyware, Intimate-Partner-Violence, Domestic-Violence, Dual-use-Apps, Play-Store-Crawling, Query-Snowballing
CITATION

R. Chatterjee et al., "The Spyware Used in Intimate Partner Violence," 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, , pp. 993-1010.
doi:10.1109/SP.2018.00061
89 ms
(Ver 3.3 (11022016))