What is Stalkerware?
Stalkerware is monitoring software or spyware, such as apps, software programs, and devices that allow another person to secretly monitor your phone, tablet, computer or device activity.
Stalkerware apps and software is often pitched by the companies who develop the technology, as a way to monitor employee activity or children.
Sometimes stalkerware is also referred to as “spouseware” because it is often used by intimate partners to track their spouse or significant other.
In reality, stalkerware is a form of cyberstalking and surveillance.
Some of the things stalkerware can do:
- Track your phone’s location
- View messages and emails
- View the device’s pictures and videos
- Depending on the app, can activate your camera or microphone
- Log your keystrokes when you enter passwords/pin codes for your apps
- Screen record and see everything you type
Unfortunately, this software is legal to buy and sell, but it’s not meant to be used without notifying the person you are tracking. For example, companies must notify their employees if they use software to monitor employee activity on their work devices.
Signs of Stalkerware
There are several things that occur when stalkerware is installed on your phone.
You might notice the phone running hotter than usual, or your battery drains faster.
You might also see unusual notifications or your phone apps and phone are running slower than normal.
Checking your mobile data usage levels can also indicate if there is an app running in the background and consuming more than your usual amount of data.
Pay attention to the permissions allowed by the apps in your app list, such as geolocation access or accessibility (in Android these are features that allow an app to control phone settings, read on-screen text, etc.)
Monitoring apps hide their app icons but they might show up in the main apps lists, under an innocuous name such as “Calculator.”
Additionally, if your GPS turns on after you turn it off, this could be another sign you might have stalkerware on your device.
If you’ve received suspicious emails or texts with links that you clicked or you were told to download apps from sources other than the official app stores.
You know your phone and what is normal, but if someone had access to your phone for an extended period-of-time, or they keep showing up physically where you are (think partner, boyfriend, significant other), you might have stalkerware.
Please understand, that the presence of one, or all of these indicators doesn’t necessarily mean that your phone is infected. Some legitimate apps can also drain your battery and make your phone run hotter, or activate your GPS (maps).
These signs are simply indicators that you should look closely at what apps are running on your phone.
What to Do if You Think You Have Stalkerware
First of all, don’t panic. It’s possible there’s a legitimate reason for what you’re seeing on your phone. However, to be on the safe side, it’s best to examine things from a few different angles.
Let’s consider your threat model or risk profile. Think about your safety needs, and what that means if you’re being tracked.
If you’re in a place you don’t want to be tracked or found, take your phone directly to law enforcement.
If you’re currently safe, but don’t want to tip off the person you suspect is tracking you, maintain normal behavior. Keep going about your daily routines, but don’t talk about sensitive topics until you’re sure your phone is safe.
If you’re able to, get a prepaid burner phone that will allow you to talk about personal matters or sensitive topics without being tracked. Consider storing the burner phone in a safe location away from your primary residence, such as a friend’s house.
If there is a concern for your safety, or you’ve received any type of threat, go to law enforcement immediately. If you need to get out and go to a shelter or safe space, do not take the suspect phone with you until you’re sure it’s clean.
How to Check Your Phone
If you’re an iPhone user, your chances of having stalkerware installed on your phone are not zero, but it’s less likely than if you’re carrying an Android or other phone. Apple devices tend to have very good security.
Here’s how to check on your iOS device/phone:
First look to see if your phone is jailbroken, this means you or someone else has allowed unofficial apps to run on the phone.
There are a couple of apps to look for, one called Cydia or SB Settings, which are often, but not always present when a phone is jailbroken.
Here’s how to check on your Android phone:
From Settings on Android, tap Apps and Notifications, then See All apps. Sometimes stalkerware is stealthily hidden in the Settings menu in Android. Look for menu items that seem odd or that you haven’t noticed before.
You can also check “Unknown Devices,” “Allow installation from Unknown Devices,” and/or “install from untrusted APKs”
If you can’t find these settings you might be able to use the search feature in Settings. Check to see if any of those settings are toggled to On. There will be some Google related apps that appear there, so that’s expected.
Install and run a security program, such as Lookout Mobile Security, which is used for detecting stalkerware, and will give you a report of what it finds.
What if You Have Stalkerware?
If you find stalkerware on your phone, turn it off and take it to law enforcement. Make sure you get a copy of the police report and a record that they took your phone into evidence. Escalate the request if the first officer doesn’t want to file a report.
If going to law enforcement isn’t right for you, the safest option is a factory reset of your phone (after you back up essential files, pictures, etc). This restores your phone to factory settings, and gets rid of all non-default apps. If you’re unsure how to reset your phone, your provider can assist.
Currently, there are not commercially available stalkerware apps that survive a factory reset.
One small note, changing your Android settings to remove suspect device administrators should be enough to disable software, but won’t necessarily remove the stalkerware. A full factory reset is the best solution.
Once your phone is reset, change all your passwords and enable two-factor authentication everywhere possible. This helps secure your accounts, even if someone knows your password, it makes it more difficult for them to access anything.
How to Reduce Your Risk of Stalkerware
Here are some useful tips to keep stalkerware off your devices:
Install an antivirus software solution on your devices, and make sure you keep it updated.
Don’t download files from untrusted third-party sources or torrents (pirating sites, such as Bit Torrent).
Avoid clicking on suspicious links or pop-up ads that appear while you’re surfing the web, they could lead to phishing sites that trick you into downloading malicious apps on your device. Download only trusted apps through the Apple or Google stores.
Check your app permissions before you install an app.
Do not allow third-party users to connect to your phone or computers & tablets via USB cable, Bluetooth, or Wi-Fi, it could transmit malware to your device.
Stalkerware requires physical access to your devices, limit or restrict access to your devices if can do it safely.
Add a secure password or PIN to your device and your apps (one that no one would know).
If you’re adding passwords & PINs to your devices and you’re monitored by someone, or this behavior would be odd for you, please take note and consider if it’s safe for your situation.
Please note this is general guidance and some of this, all of this, or none of this might apply to you. Consider your threat model, what your normal behaviors are, and whether you’re in a safe situation to make the necessary changes to protect your devices.
If you found this article useful, join us over in Security Snacks, our Membership, which offers simple, snackable, security lessons.
Sources: Go Ask Rose ; Operation Safe Escape, Wired Magazine, Coalition Against Stalkerware