Google’s awkward stalkerware typo said it was ok to spy on your spouse

Back in July I described how Google had (quite rightly) joined the fight against stalkerware – those apps which allow someone to remotely spy upon your phone, your messages, and your location, without your permission.

Google resolved to do this by prohibiting products and services that promoted themselves as spying and tracking people without their authorisation.

As I explained at the time, Google’s solution is far from perfect… but it turns out that Google had thrown another spanner in the works.

Check out this part of Google’s updated policy for developers related to stalkerware.

“Legitimate forms of these apps cannot be used by parents to track their children. However, these apps can be used to track a person (a spouse, for example)…”

Yes, you read that correctly.

Google’s current guidance for developers is that it’s okay for apps to track people (such as a spouse), but not for parents to track their children.

As The Verge reports, someone at Google mixed up the words “can” and “cannot”. Which is somewhat unfortunate. After all, that’s the diametric opposite of what Google wanted!

A revised version of the stalkerware policy is due to come out soon:

Stalkerware – effective October 1, 2020

Code that transmits personal information off the device without adequate notice or consent and doesn’t display a persistent notification that this is happening.

Stalkerware apps typically transmit data to a party other than the PHA provider.

Acceptable forms of these apps can be used by parents to track their children. However, these apps cannot be used to track a person (a spouse, for example) without their knowledge or permission unless a persistent notification is displayed while the data is being transmitted.


Whether it’s right for parents to track their children without a clear notification being displayed on the child’s device is a question for another day…

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.