No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps Proceedings on Privacy Enhancing Technologies 2023(1)
69083830/how-can-i-turn-o-camera-shutter-sound?hl=en
[49]
G. Petracca, Y. Sun, T. Jaeger, and A. Atamli, “Audroid: Preventing Attacks on
Audio Channels in Mobile Devices,” in Proceedings of the 31st Annual Computer
Security Applications Conference, 2015, pp. 181–190.
[50]
Stackoverow. (2021, 11) what are the uses of main, default and
launcher in manifest le in android - stack overow. [Online]. Avail-
able: https://stackoverow.com/questions/9721030/what-are-the-uses-of-main-
default-and-launcher-in-manifest-le-in-android
[51]
Z. Shan, I. Neamtiu, and R. Samuel, “Self-Hiding Behavior in Android Apps: De-
tection and Characterization,” in Proceedings of the 40th International Conference
on Software Engineering, 2018, pp. 728–739.
[52]
Google. (2022, 02) Intent. [Online]. Available: https://developer.android.com/
reference/android/content/Intent#CATEGORY_LAUNCHER
[53]
——. (2021, 08) Launcherapps. [Online]. Available: https:
//developer.android.com/reference/android/content/pm/LauncherApps#
getActivityList(java.lang.String,%20android.os.UserHandle)
[54]
LauncherAppsService. (2022, 08) Launcherappsservice.java - android
code search. [Online]. Available: https://cs.android.com/android/platform/
superproject/+/android-10.0.0_r1:frameworks/base/services/core/java/com/
android/server/pm/LauncherAppsService.java;l=439
[55]
Google. (2022, 02) Create deep links to app content. [Online]. Available:
https://developer.android.com/training/app-links/deep-linking
[56]
——. (2022, 02) App widgets overview. [Online]. Available: https://developer.
android.com/guide/topics/appwidgets/overview
[57]
——. (2021, 11) Recents screen. [Online]. Available: https://developer.android.
com/guide/components/activities/recents
[58]
H. Zhou, H. Wang, Y. Zhou, X. Luo, Y. Tang, L. Xue, and T. Wang, “Demystify-
ing Diehard Android Apps,” in Proceedings of the 35th IEEE/ACM International
Conference on Automated Software Engineering, 2020, pp. 187–198.
[59]
Google. (2021, 11) <activity>. [Online]. Available: https://developer.android.
com/guide/topics/manifest/activity-element#exclude
[60]
——. (2022, 02) Intent. [Online]. Available: https://developer.android.com/
reference/android/content/Intent#FLAG_ACTIVITY_EXCLUDE_FROM_
RECENTS
[61]
Z. Shan, R. Samuel, and I. Neamtiu, “Device Administrator Use and Abuse in
Android: Detection and Characterization,” in Proceedings of the 25th Annual
International Conference on Mobile Computing and Networking, 2019, pp. 1–16.
[62]
A. AlJarrah and M. Shehab, “Maintaining User Interface Integrity on Android,”
in Proceedings of the 40th Annual Computer Software and Applications Conference,
vol. 1. IEEE, 2016, pp. 449–458.
[63] Y. Shao, R. Wang, X. Chen, A. M. Azab, and Z. M. Mao, “A Lightweight Frame-
work for Fine-Grained Lifecycle Control of Android Applications,” in Proceedings
of the 2019 EuroSys Conference, 2019, pp. 1–14.
[64]
Google. (2021, 08) Jobscheduler. [Online]. Available: https://developer.android.
com/reference/android/app/job/JobScheduler
[65]
——. (2021, 08) Alarmmanager. [Online]. Available: https://developer.android.
com/reference/android/app/AlarmManager
[66]
——. (2022, 06) Broadcasts overview. [Online]. Available: https://developer.
android.com/guide/components/broadcasts
[67]
——. (2022, 06) Implicit broadcast exceptions. [Online]. Available: https:
//developer.android.com/guide/components/broadcast-exceptions
[68]
Accountable2you. (2022, 08) Android accessibility keeps turning
o accountable2you - accountable2you support. [Online]. Available:
https://support.accountable2you.com/article/754-android-accessibility-
keeps-turning-o-accountable2you#:~:text=If%20you%20notice%20that%
20Accountable2You,to%20customize%20these%20battery%20settings.
[69]
Stackexchange. (2022, 08) Accessibility services gets disabled
automatically - android enthusiasts stack exchange. [Online].
Available: https://android.stackexchange.com/questions/137195/accessibility-
services-gets-disabled-automatically
[70]
E. Fernandes, Q. A. Chen, J. Paupore, G. Essl, J. A. Halderman, Z. M. Mao,
and A. Prakash, “Android Ui Deception Revisited: Attacks and Defenses,” in
Proceedings of the 2016 International Conference on Financial Cryptography and
Data Security, 2016, pp. 41–59.
[71]
P. Mitchell. (2021, 04) How to disable auto-start apps on android - techcult.
[Online]. Available: https://techcult.com/how-to-disable-auto-start-apps-on-
android/
[72]
A. Langton. (2019, 12) Stalking stalkerware: A deep dive into exispy. [Online].
Available: https://blogs.juniper.net/en-us/threat-research/stalking-stalkerware-
a-deep-dive-into-exispy-2
[73]
P. Santhanam, H. Dang, Z. Shan, and I. Neamtiu, “Scraping Sticky Leftovers:
App User Information Left on Servers After Account Deletion,” in Proceedings
of the 2022 IEEE Symposium on Security and Privacy, 2022, pp. 2145–2160.
[74]
S. Monitoring. (2022, 02) Available sms commands for spapp. [Online]. Available:
https://www.spappmonitoring.com/news/display/live_control
[75]
Flexispy. (2022, 02) Remote commands for exispy. [Online]. Available:
https://portal.exispy.com/help/en/misc/sms-commands.html
[76]
J. Dalman. (2015, 07) Commercial spyware — detecting the undetectable.
[Online]. Available: https://www.blackhat.com/docs/us-15/materials/us-15-
Dalman-Commercial-Spyware-Detecting-The-Undetectable.pdf
[77]
M. Robinson and C. Taylor. (2020, 02) Spy vs
spy: Spying on mobile device spyware. [Online].
Available: https://media.defcon.org/DEF%20CON%2020/DEF%20CON%2020%
20presentations/DEF%20CON%2020%20-%20Robinson-Spy-vs-Spy.pdf
[78]
Zscaler. (2019, 11) A new wave of stalkerware apps. [Online]. Available: https:
//www.zscaler.com/blogs/security-research/new-wave-stalkerware-apps
[79]
——. (2018, 10) Why you shouldn’t trust "safe" spying apps. [On-
line]. Available: https://www.zscaler.com/blogs/security-research/why-you-
shouldnt-trust-safe-spying-apps
[80]
M. Grassi. (2014, 10) Reverse engineering of a commercial spyware for ios and an-
droid - speaker deck. [Online]. Available: https://speakerdeck.com/marcograss/
reverse-engineering-of-a-commercial-spyware-for-ios-and-android
[81]
Cyberarch Admin. (2021, 11) Your infosec s.w.a.t team. [Online]. Available:
https://cyberarch.eu/our-blog/pegasus-spyware-analysis/
[82]
Cyber Merchants of Death. (2017, 04) Flexspy application analysis. [Online].
Available: http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.
html
[83]
Diskurse. (2022, 01) diskurse/android-stalkerware: Various analysis of
android stalkerware. [Online]. Available: https://github.com/diskurse/android-
stalkerware
[84]
Zscaler. (2022, 05) Spyware presence in enterprise networks blog. [Online].
Available: https://www.zscaler.com/blogs/security-research/spyware-presence-
enterprise-networks
[85]
S. Sidor. (2022, 05) Android: apps can take photos with your phone
without you knowing. - mobile security - romanian security team. [Online].
Available: https://rstforums.com/forum/topic/79016-android-apps-can-take-
photos-with-your-phone-without-you-knowing/
[86]
C. Parsons, A. Molnar, J. Dalek, J. Knockel, M. Kenyon, B. Haselton, C. Khoo,
and R. Deibert, “The Predator in Your Pocket: A Multidisciplinary Assessment
of the Stalkerware Application Industry,” 2019.
[87]
D. Harkin and A. Molnar, “The Consumer Spyware Industry: An Australian-
Based Analysis of the Threats of Consumer Spyware,” Australian Communica-
tions Consumer Action Network, 2019.
[88]
D. Harkin, A. Molnar, and E. Vowles, “The Commodication of Mobile Phone
Surveillance: An Analysis of the Consumer Spyware Industry,” Crime, Media,
Culture, vol. 16, no. 1, pp. 33–60, 2020.
[89]
F. Pierazzi, G. Mezzour, Q. Han, M. Colajanni, and V. Subrahmanian, “A Data-
Driven Characterization of Modern Android Spyware,” ACM Transactions on
Management Information Systems, vol. 11, no. 1, pp. 1–38, 2020.
[90]
Á. Feal, P. Calciati, N. Vallina-Rodriguez, C. Troncoso, and A. Gorla, “Angel or
Devil? A Privacy Study of Mobile Parental Control Apps,” Proceedings of Privacy
Enhancing Technologies, vol. 2020, no. 2, pp. 314–335, 2020.
[91]
D. Harkin and A. Molnar, “Operating-System Design and Its Implications for
Victims of Family Violence: The Comparative Threat of Smart Phone Spyware
for Android Versus iPhone Users,” Violence Against Women, vol. 27, no. 6-7, pp.
851–875, 2021.
[92]
Ch33r10. (2022, 02) ch33r10/stalkerware. [Online]. Available: https://github.
com/ch33r10/Stalkerware
[93]
M. Almansoori, A. Gallardo, J. Poveda, A. Ahmed, and R. Chatterjee, “A Global
Survey of Android Dual-Use Applications Used in Intimate Partner Surveillance,”
Proceedings of Privacy Enhancing Technologies, vol. 2022, pp. 120–139, 2022.
[94]
Y. Han, K. A. Roundy, and A. Tamersoy, “Towards Stalkerware Detection With
Precise Warnings,” in Proceedings of the 37th Annual Computer Security Applica-
tions Conference, 2021, pp. 957–969.
[95]
S. Saroiu, S. D. Gribble, and H. M. Levy, “Measurement and Analysis of Spyware
in a University Environment.” in Proceedings of the 2004 USENIX Conference on
Networked Systems Design and Implementation, 2004, pp. 141–153.
[96]
M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song, “Dynamic Spyware Analysis,”
in Proceedings of the 2007 USENIX Annual Technical Conference, 2007.
[97]
K. A. Roundy, P. B. Mendelberg, N. Dell, D. McCoy, D. Nissani, T. Ristenpart, and
A. Tamersoy, “The Many Kinds of Creepware Used for Interpersonal Attacks,”
in Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020, pp.
626–643.
[98]
H. Wang, S. Jha, and V. Ganapathy, “NetSpy: Automatic Generation of Spyware
Signatures for NIDS,” in Proce edings of the 22nd Annual Computer Security
Applications Conference, 2006, pp. 99–108.
[99]
A. Moshchuk, T. Bragin, S. D. Gribble, and H. M. Levy, “A Crawler-Based Study
of Spyware in the Web.” in Proceedings of the 2006 Network and Distributed
System Security Symposium, 2006.
[100]
A. Randall, E. Liu, G. Akiwate, R. Padmanabhan, G. M. Voelker, S. Savage, and
A. Schulman, “Truehunter: Cache Snooping Rare Domains at Large Public
DNS Resolvers,” in Proceedings of the 2020 ACM Internet Measurement Conference,
2020, pp. 50–64.
15