March 4, 2021

Does your phone have stalkerware?

Some apps can be harmful, especially when used to invade your privacy. Here are the basics on stalkerware: what is it, who uses it, and how can you determine if it’s being used on your phone.

Technology is a tool. Its existence on its own has no moral value, positive or negative. But the use of technology can be helpful or harmful. When Albert Einstein figured out his formula for mass-energy equivalence, the famous E = mc2, it helped humanity understand nuclear fission reactions and led to an explosion of new technologies. In time we could save lives by treating cancer with radiotherapy. But it could also be used to kill large numbers of people with nuclear bombs. Einstein eventually regretted how his breakthrough aided the development of the Manhattan Project. “I have always condemned the use of the atomic bomb against Japan but I could not do anything at all to prevent that fateful decision.”

Computer networking technology, PCs, and mobile devices have also measurably improved our world while also doing harm. When we research cybersecurity, cybercrime, and cyberwarfare, we become greatly aware of the harmful aspects of computer technology. And not all of the harm is done by singular incidents killing thousands of people. Some of the harm can be very personal, very intimate.

Violence and abuse in the home can be a very uncomfortable topic. We form affectionate attachments to other people. But when the people who are close to us are harmful, they can now use computer technology as a weapon. Not all cyber attacks come from financially lucrative cybercrime or sophisticated cyberwarfare. Sometimes the most destructive cyber attacks can come from a romantic partner or family member. Let’s talk about stalkerware.

What is stalkerware?

Stalkerware is a type of spyware. The word describes precisely what it does, spyware is malware that’s used to acquire information about you without your permission. A lot of viruses and other sorts of malware fall into that category. They can infect the many different types of computers people use every day– from iPhones and Android phones to PCs, to internet-connected appliances.

Stalkerware is spyware that’s specifically designed to stalk a targeted individual through their everyday lives. Where are they going? Who are they talking to on the phone, through text messages, social media, email and more? Your phone is a treasure trove of information about your everyday activities, often down to the finest detail. So phones are a particularly lucrative target for stalkerware.

Who uses stalkerware?

Employers

Sometimes employers use spyware to monitor their employees, largely out of a concern about their productivity and whether or not they’re sharing proprietary business information with unauthorized parties.

When employers use spyware on devices that are the property of the employer, it’s generally legal. The legal risks and potential ethical violations are much greater when employer spyware install spyware on the employee’s personal devices. Especially when they do it without the employee’s knowledge and consent.

Current or former partners

A lot more often, spyware that’s considered to be stalkerware is used by abusive romantic partners or ex-partners. The victims and the perpetrators could be of any gender. Perpetrators could be current or former boyfriends, girlfriends, husbands, wives, spouses, dating partners, or sexual partners.

The abusive partners who use stalkerware as a weapon against their partners have pathologically controlling attitudes toward their victims. Whether their victims are currently in a relationship with them or not, they may believe that their victim should only be in a relationship with them. They want to maintain commitment and attachment through force if necessary. If they’re still officially in a relationship with their victim, they may have a fixation with making sure their partner isn’t committing adultery. If they’ve broken up, they may want to know every detail about what their ex is doing to facilitate interfering with their ex’s ability to form new romantic attachments. For example, they may want to track their ex’s new partner down and intimidate the new partner into breaking up with their ex so they can have their ex back in their lives.

You may be surprised to learn how common stalkerware abuse is.

The stalkerware phenomenon

A number of academics, including Diana Freed, Rahul Chatterjee, Periwinkle Doerfler and others, conducted a recent study that focused on the use of stalkerware by abusive partners. Their study is titled “The Spyware Used in Intimate Partner Violence,” and their research was facilitated by Cornell Tech, New York University, Technion, Cornell University, and Hunter College.

How many stalkerware apps are there? A lot!

The team found a huge number of stalkerware apps in both the Google Play Store for Android and the App Store for iPhones. It took them quite a lot of digging. They tried searching with various key terms such as “cheaters” and “how to spy on my husband.” They made a list of all the apps their key terms found. From there, they manually removed false positive search results such as apps for finding video game cheat codes. They examined each true positive app one-by-one to verify its utility for the possible monitoring of the abuse victim’s phone activities without their consent. From there, the research team confirmed that they found more than 3,500 potential stalkerware apps for Android and 451 potential stalkerware apps for iPhones.

It’s worth noting that Google and Apple’s app approval models are different. Google takes a blacklisting approach. Android accepts apps by default and only removes apps if Google determines them to be malicious or otherwise in violation of their policies. Whereas Apple takes a whitelisting approach with their iPhones– each app submission must pass Apple’s screening process before it’s available in the App Store.

The research team also found 23 “off store” stalkerware apps. Off store apps are not available in the Google Play Store or App Store. Perpetrators must buy these from an independent website. Android phones can install off store apps by permiting it in settings. And, iPhones must be jailbroken in order to install apps from outside of the App Store.

How do developers adverstise stalkerware apps?

Of course, these stalkerware apps often don’t advertise themselves as being instruments of intimate partner violence. Sometimes they take the form of innocuous apps for personal phone tracking, with features that are useful if someone loses their own phone and wants to find it. Or perhaps you’d like to sync your phone’s SMS messages or other data with your PC so you can access your data from different devices. Those are handy features everyone should be able to use if you’re tracking your own phone and your own data. These apps become stalkerware when abusive partners exploit these features to violate their victims’ privacy. Some of the stalkerware apps are advertised for couples to engage in mutual tracking. That’s with the assumption that both partners are tracking each other with mutual consent. Most of the rest of the stalkerware apps are advertised for employee monitoring or parental control monitoring.

But scarily enough, some stalkerware apps developers market stalkerware in ways that make their role in facilitating domestic abuse more obvious. For instance, the research team found an app called HelloSpy, which the developer calls a “mobile spy app for personally catching cheating spouses.” Spyzie, another stalkerware app, has a website with a page titled “how to spy on my cheating wife.” The more blatantly marketed stalkerware apps are usually the ones that are sold “off store.” That’s likely because marketing apps that way makes it difficult for stalkerware developers to have their apps approved under Google and Apple’s policies to be made available in their respective app stores.

Install always-on privacy
Install Startpage's private search browser extension.

 

How can you tell if your phone has stalkerware?

Stalkerware by design is usually difficult to notice on a victim’s phone. A stalkerware victim is unlikely to find an app icon for the malware. Abusive partners don’t want their victims to know about their espionage, otherwise their victims might interfere! According to the Federal Trade Commission, here are some signs that your phone may be infected with stalkerware:

  • Your phone’s battery drains faster than usual. Running more apps in the background consumes more of your phone’s battery. Plus, stalkerware apps can sometimes exploit a phone’s camera and various operating system processes. All of that activity consumes more power.

  • Your abuser has physical access to your phone. Installing stalkerware apps often requires physical phone access. If your partner knows your lock screen’s password or you’ve left your phone unlocked in their presence, they could infect your phone with stalkerware. Other times, abusers may install stalkerware as Trojan malware by sending you seemingly harmless photos, links, or attachments via email or text message. “Look at these cute puppies, honey!”

  • Your abuser knows more about your activities than they would otherwise. For example, maybe you have a friend you chat with through Facebook Messenger. If you never told your abuser about your friend but your abuser mentions your conversation with them, that’s a definite red flag.

  • Unexplained data usage on your phone bill could be a possible indication. For example, you might use an average of 2GB of data per month. Your phone usage patterns don’t change, but all of a sudden your service provider says you used more data this month. A stalkerware app could be using extra data.

  • You have difficulty turning off your phone. Stalkerware doesn’t work very well if your phone’s turned off!

What can you do?

If you suspect that your abuser has installed stalkerware on your phone, you should take immediate action.

First, you should backup your phone data. Your phone’s data could be very useful for law enforcement to investigate how your abuse. Google has detailed information on how to properly backup your Android phone. Apple also has instructions for properly backing up your iPhone or iPad.

Next, perform a factory reset on your phone in order to remove the stalkerware. Android devices can be reset from the Settings app. iPhones can be reset through macOS or through the iTunes app on either Mac or Windows. Keep in mind that resetting your phone will make your phone’s software revert to the state it was in before you purchased it. That’s another reason why it’s important to backup your phone data first.

Finally, whether or not your abusive partner is using stalkerware on you, you can seek help to escape their abuse. The National Domestic Violence Hotline’s website has a wealth of resources that can help you. Don’t stay in an abusive relationship, get out as soon as you can!

 

Was this article helpful?

Go Private

Make Startpage your
default search engine

Set as default