Google has removed seven apps from its Google Play Store that were designed for spying on employees, romantic partners, and children.
On Tuesday, security company Avast reported four apps to Google that let people track a user’s whereabouts, see their contact list, text messages and even call history. The next day, the same company detected three more apps that were also intended for snooping.
Google, which has a policy banning apps that “secretly monitor or harm users,” removed the apps shortly after the reports.
The apps were “Spy Kids Tacker,” “Phone Cell Tracker,” “Mobile Tracking,” “Spy Tracker,” “SMS Tracker,” “Employee Work Spy,” and “Track Employees Check Work Phone Online Spy Free”. Users had installed the seven apps 130,000 times.
People who have these apps on their Android phones should delete them. Unfortunately for users, the malicious apps can be hidden on phones, potentially making them difficult for people to know that they are even present.
People who are worried about the apps being on their phone can back up their sensitive information on those devices to Google’s cloud services and then wipe the device using the instructions here.
According to Nikolaos Chrysaidos, head of mobile threat intelligence at Avast, apps like these have many uses. One prominent use: domestic abuse. “In addition to being a terrible violation of privacy, stalkerware can be linked directly to domestic violence,” Chrysaidos says. “These apps are highly unethical and should not be on the Google Play Store as they can be used by employers, stalkers, or abusive partners to spy on their victims without their knowledge or consent.”
Google says it uses automation, plus “a team of experts” to review apps that are submitted to make sure that the apps meet the company’s standards for privacy. Only after does the company make the apps in its app store.
In this case, the apps somehow slipped through the cracks. In a response to Fortune, Google provided its policy for malicious apps. The company didn’t respond to a question about how these apps it just banned got into the Play Store in the first place.
Despite the promised app reviews, bad software has fallen through the Play Store’s cracks in the past. In 2017, Google removed over 500 apps after security company Lookout revealed that apps using a certain development tool meant for ads contained spyware. The affected apps had been downloaded over 100 million times.
What about iPhone users?
Chrysaidos says it’s possible the threat hasn’t been fully eliminated from Google’s app store. “We cannot be sure if the developer has other apps out there, but because they seem to operate under different names, it is possible that other apps exist under other names,” Chrysaidos said in an email to Fortune. Very little is known about the developer, Chrysaidos said, except that it’s based in Russia.
Chrysaidos said it’s unlikely that similar apps are available through Apple’s App Store because Apple has a more rigorously checked. “There have been cases of stalkerware on iPhone, but they are very rare,” Chrysaidos says.
