2021-09-30 17:28:57 – Liam Lupas
With mobile spyware on the rise and stalkerware becoming scarily prevalent, Y Combinator-backed startup Malloc has created an AI-trained app to detect the undetectable. Currently only available for Android but with plans for an iOS launch, their app — cheekily named Antistalker — runs in the background and notifies you if another app attempts to use your device’s camera or microphone. It can even tell you which app the attempt came from and, if you allow said app to use your sensors, it can let you know how long that connection is kept active.
While spyware and stalkerware are both forms of malware, there is one big difference between the two. Spyware is malware disguised as a legitimate program , so the user typically downloads it on accident, without knowing its capabilities. Stalkerware, on the other hand, is open about what it does and is meant to be installed on someone else’s device, which can then be monitored remotely. These types of apps may be used by abusive partners, though the apps’ names give some additional information for the target audience, such as “Spy Kids Tracker” for parents or “Employee Work Spy” for employers.
Malloc steps up where both Google and Apple have fallen short: Both implemented security measures that force apps to indicate when the device’s camera or microphone is being used, but some elusive spyware is still able to slip past these. In order to detect them, Malloc created their app on a machine learning model , which allows Antistalker to use past malware to identify new ones. Because stalkerware openly admits what it does, Malloc was able to round up a bunch of apps to feed into the machine learning model. This showed Antistalker’s AI the sort of behavior malware has and, by training it to specifically look for those anomalies, gave it the ability to recognize new malware.
Detecting The Undetectable
has a very simple interface, with a large on/off switch front and center. When turned on, the app monitors the device’s sensors and running apps, and if the camera or microphone is activated, the app blocks it and sends a notification to the user. The user then has the option to swipe the notification and easily whitelist the app in question if the access was intentional. Antistalker’s interface naturally allows the user to see which apps are whitelisted at any time.
In addition to sensors, Antistalker monitors how much data is sent by which app and saves this information in its interface. It specifically looks for unusual app activity, such as bursts of data sent by otherwise inactive apps, so it can notify the user about these. Due to the sensitivity of the topic, Malloc clarified that the app doesn’t send any data to the cloud itself, but it does collect some anonymized data to help it improve. As the AI continues learning this way, the app is updated regularly to keep it on top of new spyware and stalkerware.
Sources: TechCrunch ,