{"id":"https://openalex.org/W7123675719","doi":"https://doi.org/10.1109/ecrime66972.2025.11327931","title":"Catch Me If You Scan: A Longitudinal Analysis of Stalkerware Evasion Tactics","display_name":"Catch Me If You Scan: A Longitudinal Analysis of Stalkerware Evasion Tactics","publication_year":2025,"publication_date":"2025-11-04","ids":{"openalex":"https://openalex.org/W7123675719","doi":"https://doi.org/10.1109/ecrime66972.2025.11327931"},"language":null,"primary_location":{"id":"doi:10.1109/ecrime66972.2025.11327931","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327931","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5122716346","display_name":"Anahitha Vijay","orcid":null},"institutions":[{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Anahitha Vijay","raw_affiliation_strings":["University of Cambridge,Computer Laboratory,Cambridge,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Cambridge,Computer Laboratory,Cambridge,United Kingdom","institution_ids":["https://openalex.org/I241749"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006480228","display_name":"Luis A. Saavedra","orcid":"https://orcid.org/0000-0001-8684-8763"},"institutions":[{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Luis A. Saavedra","raw_affiliation_strings":["University of Cambridge,Computer Laboratory,Cambridge,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Cambridge,Computer Laboratory,Cambridge,United Kingdom","institution_ids":["https://openalex.org/I241749"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055346534","display_name":"Alice Hutchings","orcid":"https://orcid.org/0000-0003-3037-2684"},"institutions":[{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Alice Hutchings","raw_affiliation_strings":["University of Cambridge,Computer Laboratory,Cambridge,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Cambridge,Computer Laboratory,Cambridge,United Kingdom","institution_ids":["https://openalex.org/I241749"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.60556762,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"16"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9624999761581421,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9624999761581421,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.0071000000461936,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.00559999980032444,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/covert","display_name":"Covert","score":0.7260000109672546},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.7202000021934509},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5026999711990356},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.46810001134872437},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3910999894142151}],"concepts":[{"id":"https://openalex.org/C2779338814","wikidata":"https://www.wikidata.org/wiki/Q5179285","display_name":"Covert","level":2,"score":0.7260000109672546},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.7202000021934509},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5695000290870667},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5026999711990356},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.46810001134872437},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4465000033378601},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.42010000348091125},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4104999899864197},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3910999894142151},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.37049999833106995},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2985999882221222},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.296999990940094},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.29159998893737793},{"id":"https://openalex.org/C109986646","wikidata":"https://www.wikidata.org/wiki/Q546113","display_name":"Public policy","level":2,"score":0.2863999903202057},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.2822999954223633},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.26759999990463257}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ecrime66972.2025.11327931","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327931","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320307798","display_name":"Nokia","ror":"https://ror.org/04pkc8m17"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1911952547","https://openalex.org/W2772213089","https://openalex.org/W2794995912","https://openalex.org/W3008101892","https://openalex.org/W4200337844","https://openalex.org/W4280551988","https://openalex.org/W4293782987","https://openalex.org/W4293783420","https://openalex.org/W4315779432","https://openalex.org/W4391623583","https://openalex.org/W4392852800","https://openalex.org/W4400242636","https://openalex.org/W4407938477"],"related_works":[],"abstract_inverted_index":{"Stalkerware\u2014mobile":[0],"software":[1],"that":[2,134],"enables":[3],"covert":[4],"surveillance,":[5],"especially":[6],"in":[7,71],"intimate":[8],"partner":[9],"relationships\u2014persists":[10],"as":[11],"a":[12,68,128,156],"significant":[13],"threat":[14],"on":[15,75,80,103],"the":[16,27,33,104],"Android":[17],"ecosystem":[18],"despite":[19],"platform-level":[20],"policy":[21,58],"and":[22,49,59,150,172],"security":[23],"enhancements.":[24],"We":[25,36,66],"present":[26],"first":[28],"multi-application":[29],"longitudinal":[30],"analysis":[31],"of":[32,159],"stalkerware":[34,43,147],"ecosystem.":[35],"analyse":[37],"82":[38],"APKs":[39],"from":[40,46,62,84],"four":[41],"prominent":[42],"brands":[44],"sourced":[45],"official,":[47],"third-party,":[48],"modded":[50],"marketplaces,":[51],"mapping":[52],"their":[53,160],"technical":[54],"evolution":[55],"against":[56],"key":[57],"OS":[60],"updates":[61],"2012":[63],"to":[64,92,123],"2025.":[65],"find":[67],"strategic":[69,118],"dichotomy":[70],"developer":[72],"behaviour":[73],"based":[74],"distribution":[76],"channels.":[77],"Applications":[78],"distributed":[79],"third-party":[81],"channels,":[82],"away":[83],"Google":[85,105],"Play,":[86],"consistently":[87],"target":[88],"older,":[89],"less-secure":[90],"APIs":[91],"preserve":[93],"invasive":[94],"functionality,":[95],"effectively":[96],"ignoring":[97],"platform":[98,107,135,152],"policies.":[99],"In":[100],"contrast,":[101],"developers":[102,148],"Play":[106],"respond":[108],"reluctantly,":[109],"often":[110],"employing":[111],"malicious":[112],"compliance":[113],"(e.g.,":[114,120],"obfuscated":[115],"notifications)":[116],"or":[117],"re-architecting":[119],"\u2018split-app\u2019":[121],"models)":[122],"circumvent":[124],"rules":[125],"while":[126],"maintaining":[127],"market":[129],"presence.":[130],"Our":[131],"findings":[132],"suggest":[133],"policies":[136],"displace":[137],"rather":[138],"than":[139],"eliminate":[140],"abusive":[141],"functionality.":[142],"By":[143],"systematically":[144],"documenting":[145],"how":[146],"navigate":[149],"subvert":[151],"governance,":[153],"we":[154],"provide":[155],"nuanced":[157],"understanding":[158],"adaptive":[161],"capabilities,":[162],"offering":[163],"critical":[164],"insights":[165],"for":[166],"developing":[167],"more":[168],"robust,":[169],"future-proof":[170],"detection":[171],"mitigation":[173],"strategies.":[174]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-01-14T00:00:00"}