The Spyware Used in Intimate Partner Violence

Survivors of intimate partner violence increasingly report that abusers install spyware on devices to track their location, monitor communications, and cause emotional and physical harm. To date there has been only cursory investigation into the spyware used in such intimate partner surveillance (IPS). We provide the first in-depth study of the IPS spyware ecosystem. We design, implement, and evaluate a measurement pipeline that combines web and app store crawling with machine learning to find and label apps that are potentially dangerous in IPS contexts. Ultimately we identify several hundred such IPS-relevant apps. While we find dozens of overt spyware tools, the majority are "dual-use" apps — they have a legitimate purpose (e.g., child safety or anti-theft), but are easily and effectively repurposed for spying on a partner. We document that a wealth of online resources are available to educate abusers about exploiting apps for IPS. We also show how some dual-use app developers are encouraging their use in IPS via advertisements, blogs, and customer support services. We analyze existing anti-virus and anti-spyware tools, which universally fail to identify dual-use apps as a threat.

[1]  Nicola Dell,et al.  Digital Technologies and Intimate Partner Violence , 2017, Proc. ACM Hum. Comput. Interact..

[2]  Leyla Bilge,et al.  Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services , 2016, USENIX Security Symposium.

[3]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[4]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[5]  Nicola Dell,et al.  “A Stalker's Paradise”: How Intimate Partner Abusers Exploit Technology , 2018, CHI.

[6]  Tara Matthews,et al.  Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse , 2017, CHI.

[7]  Christopher Meek,et al.  Adversarial learning , 2005, KDD '05.

[8]  Gianluca Stringhini,et al.  MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models (Extended Version) , 2016, NDSS 2017.

[9]  Nicolas Christin,et al.  Ethics in cryptomarket research. , 2016, The International journal on drug policy.

[10]  Heng Yin,et al.  DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android , 2013, SecureComm.

[11]  Stephen Checkoway,et al.  iSeeYou: Disabling the MacBook Webcam Indicator LED , 2014, USENIX Security Symposium.

[12]  Sharon G. Smith,et al.  National Intimate Partner and Sexual Violence Survey (NISVS) : 2010-2012 state report , 2017 .

[13]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[14]  C. Fraser,et al.  The New Age of Stalking: Technological Implications for Stalking , 2010 .

[15]  Hahn-Ming Lee,et al.  DroidMat: Android Malware Detection through Manifest and API Calls Tracing , 2012, 2012 Seventh Asia Joint Conference on Information Security.

[16]  D. Woodlock The Abuse of Technology in Domestic Violence and Stalking , 2017, Violence against women.

[17]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[18]  Engin Kirda,et al.  A Look at Targeted Attacks Through the Lense of an NGO , 2014, USENIX Security Symposium.

[19]  Damon McCoy,et al.  To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[20]  Rohini K. Srihari,et al.  Feature selection for text categorization on imbalanced data , 2004, SKDD.

[21]  Marwan Mattar,et al.  Labeled Faces in the Wild: A Database forStudying Face Recognition in Unconstrained Environments , 2008 .

[22]  Adrienne Porter Felt,et al.  Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness , 2013, USENIX Security Symposium.

[23]  Zhenlong Yuan,et al.  DroidDetector: Android Malware Characterization and Detection Using Deep Learning , 2016 .

[24]  Vern Paxson,et al.  When Governments Hack Opponents: A Look at Actors and Technology , 2014, USENIX Security Symposium.

[25]  Amy Bruckman,et al.  Domestic violence and information communication technologies , 2011, Interact. Comput..

[26]  Chris Sharp,et al.  Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software , 2016, USENIX Security Symposium.

[27]  Yajin Zhou,et al.  Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.

[28]  Jacob Cohen A Coefficient of Agreement for Nominal Scales , 1960 .

[29]  Bruce Schneier,et al.  Privacy threats in intimate relationships , 2020, J. Cybersecur..

[30]  Tatsuya Mori,et al.  Detecting and Classifying Android PUAs by Similarity of DNS queries , 2017, 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC).

[31]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[32]  Christopher Meek,et al.  Good Word Attacks on Statistical Spam Filters , 2005, CEAS.

[33]  J. Hanley,et al.  The meaning and use of the area under a receiver operating characteristic (ROC) curve. , 1982, Radiology.

[34]  Rakesh Vidya Chandra,et al.  Python Requests Essentials , 2015 .

[35]  David Knox,et al.  Using technology to control intimate partners: An exploratory study of college undergraduates , 2011, Comput. Hum. Behav..

[36]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[37]  David A. Wagner,et al.  Somebody's Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights , 2015, CHI.

[38]  Tao Xie,et al.  WHYPER: Towards Automating Risk Assessment of Mobile Applications , 2013, USENIX Security Symposium.