Analyzing the Monetization Ecosystem of Stalkerware
Authors: Cassidy Gibson (University of Florida), Vanessa Frost (University of Florida), Katie Platt (University of Florida), Washington Garcia (University of Florida), Luis Vargas (University of Florida), Sara Rampazzi (University of Florida), Vincent Bindschaedler (University of Florida), Patrick Traynor (University of Florida), Kevin Butler (University of Florida)
Volume: 2022
Issue: 4
Pages: 105–119
DOI: https://doi.org/10.56553/popets-2022-0101
Abstract: Stalkerware is a form of malware that allows for the abusive monitoring of intimate partners. Primarily deployed on information-rich mobile platforms, these malicious applications allow for collecting information about a victim’s actions and behaviors, including location data, call audio, text messages, photos, and other personal details. While stalkerware has received increased attention from the security community, the ways in which stalkerware authors monetize their efforts have not been explored in depth. This paper represents the first large-scale technical analysis of monetization within the stalkerware ecosystem. We analyze the code base of 6,432 applications collected by the Coalition Against Stalkerware to determine their monetization strategies. We find that while far fewer stalkerware apps use ad libraries than normal apps, 99% of those that do use Google AdMob. We also find that payment services range from traditional in-app billing to cryptocurrency. Finally, we demonstrate that Google’s recent change to their Terms of Service (ToS) did not eliminate these applications, but instead caused a shift to other payment processors, while the apps can still be found on the Play Store; we verify through emulation that these apps often operate in blatant contravention of the ToS. Through this analysis, we find that the heterogeneity of markets and payment processors means that while point solutions can have impact on monetization, a multi-pronged solution involving multiple stakeholders is necessary to mitigate the financial incentive for developing stalkerware.
Keywords: stalkerware, monetization, mobile security, application analysis
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.