Abuse of trust: How to identify and remove stalkerware

Is your phone acting weird? Has your spouse or partner complained that you are spending too much time at a certain location even though you never mentioned it? It might be that they’ve betrayed your trust by installing stalkerware on your phone. Find out what stalkerware is, how it works, and what to do if you suspect that someone is spying on you.

Stalkerware (or spyware) is a spying app or software used to let someone else track your device. It is usually installed without the user’s consent or even knowledge. In most cases, the stalker and the victim have a close relationship, and the victim does not suspect they’re being spied on. Such apps can be used by parents to monitor their kids, employers to track their employees, and insecure spouses to check on their partners.

Stalkerware can be split into two categories – dedicated spyware abused by everyday users and 'dual-use' apps, which are accessible to anyone on legitimate and well-known app stores.

The former usually openly advertises itself as spyware, can cost up to a couple of hundred dollars, and gives stalkers full access to the victim's device. With such an app, they can:

• Track the victim's location;
• Read their text messages, including on messaging apps such as WhatsApp, Messenger, and Skype;
• View their browsing history;
• Access their photo gallery;
• Make background audio recordings.

These apps can also work in “stealth mode,” meaning that the victim won't see the app on their phone or in their settings. However, it will secretly feed all their personal information to the stalker.

Advanced spyware sounds scary enough, though we shouldn't discount 'dual-use' apps as they are free, easily installed and there's a chance the victim already has it on their phone. For example, it can be a pre-installed Apple's 'Find My Friends' or 'Google Maps.'

'Dual-use' apps can masquerade themselves as something else like an app that finds nearby Wi-Fi hotspots. The victim might download it accidentally and without their knowledge be streaming their location in real time. (These apps usually have limitations and only can give away your location, but won't give access to your messages or photos). Similarly to advanced spyware, It's also difficult to notice the stealth activity of these apps.

#1 Your privacy is violated

If someone has installed stalkerware on your device and are using it to track you, they are violating your privacy and your physical security. You never gave consent to this person, and no one should ever have access to this much personal information about you. You also don't know what that person might do with your data or where it's going to end up. They might blackmail you or use your live location to follow you at night. If the stalker is someone close to you, they’re also fundamentally violating your trust.

#2 Stalkers don't get punished

There are few, if any, laws to punish stalkers who use spyware, especially if the victim willingly shared their passwords. Spyware to monitor kids or employees is unethical but not illegal, and repurposing it to spy on spouses or partners doesn't change that.

#3 Spyware apps don't care about your data

In addition to the privacy violations and knowing that someone has full access to your device, you also have to worry about hackers who might access that data. Hacktivists have started targeting spyware industry to show how easy it is to hack these companies.

Like your stalker, the app providers also have access to all your information; however, they store it on servers that may or may not be secure. Just imagine that your private texts and pictures being accessible not only to your stalker but to anyone.

#4 No one else can protect you except you

It's hard to defend yourself from such apps. They can be used in stealth mode and not all antiviruses pick up on them. Also, app stores don't always screen the apps that appear on their platforms, making malicious apps easily accessible to anyone.

Phone manufacturers also don’t seem to believe that such apps raise privacy and security concerns, so they haven't yet implemented notifications that would indicate background app activity or unusual access permissions.

• Never share your PINs or passwords with anyone, even if it's your spouse. If you can use a combination of PINs, 2FAs, and your biometric data (fingerprints or face recognition), do so. This will make it more difficult for anyone to get into your device;
• Familiarize yourself with phishing techniques. Tech-savvy stalkers who use more advanced spyware could trick you into downloading an app. With some, it's enough to click on a malicious link or download an image sent via text or social media. These might hide malicious software and will give the stalker remote access to your device;
• Don't root or jailbreak your phone as this makes it more vulnerable. If a stalker gets access to such a device, they can easily tamper with its software, gain remote access, or install apps from unauthorized app stores;
• Don’t download suspicious looking apps. They might be ‘dual-use’ apps, which can be used to track you;
• Regularly update your software, as some updates will delete (or deactivate) apps from unauthorized app stores;
• Use an antivirus.

If your phone battery is getting drained quicker than usual or your spouse, partner, or someone else you know mentions facts you only mentioned to someone over a private message, it might be that they've installed stalkerware on your phone. If you suspect that might be true, try the following:

• Go to your settings or app list and look through the apps that are running in the background. Do you recognize them all? If not, delete the suspicious apps immediately.
• Check your location sharing settings for apps such as Google Maps and Find My Friends. It may be that someone has previously set up your phone to share its location with them. If so, change the settings immediately.
• If you cannot delete the suspicious app or there's no app, but you still suspect something – try these steps to remove bloatware. If they don’t work, you might need to restore your phone to factory settings. However, some spyware cannot be eradicated with a simple factory reset. In some cases, you might need to throw away your device and start anew.

For more cybersecurity news and tips, subscribe to our monthly blog newsletter below!