Google pulled numerous stalkerware ads which violated its policies and promoted apps that allowed potential users to spy on the phones of their spouses.
Parents are often sold consumer-grade spyware apps to track their children's phone calls, location, and messages. This is often done in the name of protecting themselves against predators. These apps are often installed secretly and without consent of the device owners. However, abusers have used these apps to spy on their spouses' phones.
In recent years, industrywide efforts have been made to stop the spread of spy apps and stalkerware. Federal authorities have taken action against spyware manufacturers that expose their victims to security threats. Antivirus companies have improved the detection of stalkerware. Google removed ads that promoted apps for monitoring or tracking another person's activities or their searches last August.
TechCrunch discovered that five app developers were still advertising their stalkerware applications as recently as last week.
Advertisements that promote spyware for partner surveillance are not allowed. A spokesperson for Google told TechCrunch that we immediately removed any ads that violated this policy. We will continue to monitor emerging behavior to stop bad actors trying to evade detection systems.
The spokesperson for Google confirmed that its policy on enabling dishonest behaviour, which governs promotion of spyware, prohibits advertisers from encouraging intimate partner surveillance but does not cover ads that encourage tracking a child's activity or monitoring the devices of their workplaces. Google also exempts private investigations services. However, Google did not specify how or if it determined for what purpose the app was used.
Supporters of Google's anti-stalkerware efforts have voiced concerns about the policy's enforcement. Malwarebytes, a founder member of the Coalition Against Stalkerware (a group of companies dedicated to fighting the growing threat from stalkerware), said last year that the policy was inadequate because it allowed stalkerware manufacturers to change the face of what they were selling without altering the core technology.
Google spokesperson declined to give details about Google's enforcement process, but stated that it considers a variety of factors when determining if an advertisement violates its policies. These include the text and images, the promotion of the product, and landing pages for the ads clicked.
TechCrunch discovered that many stalkerware apps used various techniques to successfully avoid Google's ban on advertising apps for monitoring partners. They were also able to get Google Ads approved.
One case involved mSpy. A spyware app with a serious security lapse in 2018, running Google ads that linked directly to an interstitial page on a completely separate domain to mSpys website. This tripped Google up from detecting the fact that the app was being marketed to spy upon your children, spouse, grandma, or grandpa.
ClevGuard, another stalkerware maker that in 2020 leaked the phone data of thousands of victims, ran Google advertisements that linked to a page that claimed the app could be used to dispel doubts in a marriage. This page was hidden by Google's search index via a robots file, which tells search engines what search results should and shouldn't show up. TechCrunch discovered two other stalkerware applications that used the same technique to display ads. Google also claimed they were in violation of its policies.
Other ads that violated the law were more explicit. PhoneSpector, an spyware manufacturer based in Long Island, NY ran ads that promoted the app to be a way of catching cheaters.
Google announced that it would suspend advertisers' accounts for three months if they repeatedly violated its ad policies. This includes for encouraging spyware to target spouses.
None of the stalkerware businesses responded to our requests for comment.