Privacy Analysis of Technologies Used in Intimate Partner Abuse
Organization
Concordia University
Published
2023
Project Leader(s)
Mohammad Mannan and Amr Youssef
Summary
Intimate partner violence (IPV) is a disturbing form of abuse that occurs in romantic relationships, ranging from emotional abuse, stalking to recurring and severe violent episodes over an extended period. Unfortunately, easy access to stalkerware apps, has significantly increased such abuse in the recent times.
This project provides a systematic experimental privacy and security analysis of stalkerware apps currently available for use by abusers, as well as anti-stalkerware apps and websites that are designed to help victims. Vectors through which vulnerabilities found in stalkerware apps could be exploited by malicious actors, targeting the IPV services, IPV abusers, and IPV victims, are also studied. The project also examined the effectiveness of anti-stalkerware applications to assess their ability to detect monitoring apps on Android devices. Measurements of web tracking on websites that provide help for IPV victims are also performed, along with exploration of features provided by online services that are used by IPV app providers.
The study identified 83 stalkerware apps and websites; 58 unique apps were downloaded and analyzed. Invasive capabilities offered by these apps were enumerated and experimentally verified to clearly identify their severe privacy risks. Additionally, 125 well-known third-party web services that also help run the IPV ecosystem were identified. The report also highlighted 46 vulnerabilities across 29 apps, including broken authentication mechanisms, insecure storage of sensitive data, and other attack vectors exploitable by external attackers. Among the 323 anti-stalking help websites analyzed, 210 had third-party trackers, and 19 sites use external session replay services (exposing victims' information).
Project deliverables are available in the following language(s)
English
OPC Funded Project
This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.
Contact Information
Mohammad Mannan
Professor at the Concordia Institute for Information Systems Engineering
Phone: (514) 848-2424 ext. 8972
E-mail: Mohammad Mannan
Amr Youssef Professor at the Concordia Institute for Information Systems Engineering
Phone: (514) 848-2424 ext. 5441
E-mail: Amr Youssef
- Date modified: