A recent study  has identified a new threat to consumers using cell phones or other personal devices—”creepware.” Defined as apps used primarily by non-experts to mount interpersonal attacks, these apps were not detectable by existing spyware detection techniques. That is, until a team of researchers that included Assistant Professor Damon McCoy of Tandon’s Computer Science and Engineering from New York University, and faculty and staff from Cornell Tech, and NortonLifeLock developed and applied a novel algorithm called CreepRank. Using this algorithm to evaluate anonymized data from 50 million Android devices, the team identified more than a million installs of diverse creepware apps, that enabled spoofing (114 apps), harassment (80), hacking tutorials (63), and many more.

As a result of the team’s findings, Google removed 813 apps for violating its terms and conditions. Later that year, NortonLifeLock also announced it would be incorporating CreepRank into its mobile antivirus product.

The paper documenting the team’s work was presented in May at the 2020 IEEE Security and Privacy Conference, and has received media coverage in such outlets as ZD Net, PC Magazine, and Financial Express.