Full Program »
Towards Stalkerware Detection with Precise Warnings
Stalkerware enables individuals to conduct covert surveillance on a targeted person's device. Android devices are a particularly fertile ground for stalkerware, most of which spy on a single communication channel, sensor, or category of private data, though 27% of stalkerware apps surveil multiple private data sources. We present DOSMELT, a system that enables stalkerware warnings that precisely characterize the types of surveillance conducted by Android stalkerware so that surveilled individuals can take appropriate mitigating action. We use an active- and semi-supervised learning to make headway on this task, which is vital because we are the first to characterize stalkerware according to its individual surveillance capabilities at a significant scale, which requires time-consuming expert-labeling of stalkerware apps. DOSMELT leverages the observation that stalkerware differs from other categories of spyware in its open advertising of its surveillance capabilities, which we detect on the basis of the titles and self-descriptions of stalkerware apps that are posted on Android app stores. DOSMELT achieves up to 96% AUC for stalkerware detection with a 91% Macro-F1 score of surveillance capability attribution for stalkerware apps. DOSMELT has detected hundreds of new stalkerware apps that we have added to the Stalkerware Threat List.