Google 'formally' bans stalkerware apps from the Play Store

User-tracking apps will be allowed on the Play Store, but only if they show persistent notifications about the tracking behavior.

google

Image: Mitchell Luo

Security

Everything you need to know about viruses, trojans and malicious software

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Read More

Google has updated its Play Store rules to impose a "formal" ban on stalkerware apps.

Stalkerware is a term used to describe apps that track a user's movements, snoop on calls and messages, and record other apps' activity.

Stalkerware, also known as spouseware, is usually advertised to users as a way to discover cheating partners, track children while outside their homes, and as a way to keep an eye on employees at work.

The primary feature of all stalkerware apps, regardless if they're intended to be used on smartphones or laptops, is that these apps can be installed and run without the device owner's knowledge, operating in the operating system's background.

Over the past decade, the Play Store has hosted hundreds of applications that fit into the stalkerware category.

Google, which has intervened to take down stalkerware apps when they've been pointed out by security researchers, has usually avoided making public statements on the topic.

Google imposes stalkerware ban... sort of

But in an update to its Developer Program Policy today, Google said that all apps that track users and send their data to another device must include an "adequate notice or consent" and show a "persistent notification" that the user's actions are being tracked by the app.

The new rules, set to enter into effect next month, on October 1, are a ban on stalkerware apps, by negating their ability to be installed and operate undetected when installed on victim devices. If user-tracking apps don't add these required UI changes, they won't pass the approval process to be listed on the Play Store.

Today's ban comes after Google imposed a similar ban on stalkerware ads in July. A subsequent TechCrunch investigation found that the ban on stalkerware ads was never enforced, which raises the question if this one will, or if it's more of a PR stunt.

Updated on September 17. The initial version of this article stated that family (child-tracking apps) would be allowed to continue to operate without showing persistent UI notifications, allowing for a loophole in the new rules. A Google spokesperson has clarified that this is not the case.