Detecting and Preventing Digital Abuse

An abuser who has access to another person’s phone for even a few minutes can set up automation routines that share location or texting information, enabling them to control a phone, take unauthorized videos, and impersonate their partners. Jaime Espinoza

After identifying vulnerabilities in popular apps that can make it easy for an abuser to stalk individuals with little risk of detection, a team of UW–Madison engineers and computer scientists are developing an online service to find this covert abuse on digital devices.

The team has students to thank for the discovery. Rahul Chatterjee MS’15, an assistant professor of computer sciences, and his research group operate the Madison Tech Clinic, an initiative staffed by volunteer UW students and faculty to aid survivors of domestic and intimate partner violence and other technology-facilitated abuse.

Clinic volunteers discovered some abusers used automation apps, like Apple Shortcuts, to quickly and easily take over digital devices. Because of the nature of these apps, the digital intrusions were difficult for users to detect.

“Because of all of the capabilities of these automation apps, you can do a suite of things that previously would have required more technical sophistication, like installing a spyware app or using a GPS tracker,” says Kassem Fawaz, associate professor of electrical and computer engineering. “But now, an abusive partner just needs a little time to set up these capabilities on a device.”

In recent years, tech companies have released an array of automation apps to help simplify digital tasks like automatically turning down a phone’s volume at school or work or setting up routines for smart home devices. On the flip side, an abuser who has access to another person’s phone for even a few minutes can set up automation routines that share location or texting information, enabling them to control a phone, take unauthorized videos, and impersonate their partners.

Chatterjee first posed the issue to students in his seminar course, CS 782: Advanced Computer Security and Privacy. Shirley Zhang PhDx’28 continued the investigation as part of her graduate research in Fawaz’s lab. The researchers developed an AI system to detect shortcuts with the potential for abuse. They then turned this system into an online service people can use to detect malicious activities.

“This project is a strong example of the Wisconsin Idea,” says Chatterjee. “Ultimately, it will give back to the community by providing a tool designed to prevent the abuse of automation apps and help protect survivors.”

Published in the Winter 2025 issue