Stalkerware: What it is, and how to remove it from your device

What is stalkerware? 

Stalkerware is a type of malware that monitors your location and digital activity without your consent. Most stalkerware attacks happen on smartphones and other mobile devices, although they can also happen on desktop computers. People usually need physical access to the device to install stalkerware. That’s why stalkerware is usually installed by someone close to you, such as a romantic partner, ex-partner, or family member.

How does stalkerware work? 

Stalkerware works by transmitting activity from your device to the stalker’s device. As long as you both have an internet connection, they can see things like your location, your phone calls and messages, and your social media activity. 

Many stalkerware programs are readily available for download online, especially on rooted Android devices. In most cases, this attack can’t be done remotely because the attacker needs to physically install the program on your device. 

If stalkerware is installed on your phone, you won’t be able to see it, but it will be running in the background. Over time, it will also negatively affect your phone’s performance. 

Who uses stalkerware and why? 

Stalkerware is typically used in toxic romantic or familial relationships where one person wants to monitor and control the other’s behavior. For example, an abusive partner might install stalkerware to track their partner’s location, monitor their messages, and generally infringe on their privacy. They could also use stalkerware to steal photos or sensitive data and use these files to manipulate their victims. 

Abusive family members may also use stalkerware to track you without your consent. These stalkerware attacks are very different from legitimate parental monitoring apps, which are implemented with the entire family’s consent and used to keep kids safe online. 

In some cases, stalkerware is used for other types of cyber espionage, but this is rare. For example, oppressive governments might use stalkerware to spy on political opponents. 

How do I know if my phone has stalkerware? 

Stalkerware may not show up on your apps list, but it can affect your phone’s behavior in other ways. Watch out for the following signs that your phone may have stalkerware. 

Unusual device behavior

Stalkerware will cause your device to do strange things that don’t make sense. One common sign is that your maps and GPS apps are always running, no matter how many times you close them or turn them off. You might also notice that your device doesn’t turn on or shut down properly. Some stalkerware programs also contain adware, which can cause strange pop-ups on your device. 

Strange apps or files

If stalkerware has been installed on your phone, you might notice some strange apps that you didn’t download. Stalkerware is designed to blend in with the rest of your phone, so it’s often disguised as something more generic, like a camera or maps app. 

Drained battery or slow performance

Stalkerware is always running in the background of your device, so it zaps your battery life quickly. If your battery is always drained for no apparent reason, it could be a sign of stalkerware. 

Additionally, stalkerware uses up your phone’s resources and slows down performance. Your apps and websites may load very slowly or not function correctly. Your phone may even overheat from the excess resource usage. 

How to identify stalkerware on iOS devices

Installing stalkerware on an iPhone or other iOS devices is more difficult for hackers than installing such apps on Android. This is because iPhones need to be “jailbroken” to install suspicious software programs. 

However, stalkerware attacks on iOS are still possible, especially if the hacker has regular physical access to your device. There are a few things you can do if you think your iPhone, iPad, or other Apple device may contain stalkerware. 

1. Scan for unfamiliar apps

Go through your entire apps list and look for anything you didn’t download yourself. Spyware apps aren’t always obvious because they’re often disguised as other, more utilitarian apps like cameras, clocks, maps, or calendars. However, upon closer inspection, it becomes obvious that the app isn’t legitimate. 

Additionally, keep an eye out for parental control apps. Stalkers will sometimes use legitimate apps like OurPact or FamiSafe to monitor your location, block certain apps, and even see your screen. 

2. Check for unknown configuration profiles

Another popular strategy for stalkers is creating a device management profile on your iPhone or iPad. Device management profiles allow others to reconfigure settings and manage your device remotely. While these profiles are designed for remote work, they’re often abused by malicious threat actors who want to spy on your cell phone. 

To see your device profiles, go to “Settings” > “General” > “VPN & device management.” If you see any additional profiles, delete them. 

3. Look for Wi-Fi sync

Another iOS feature that’s often exploited by stalkers is Wi-Fi sync. This feature automatically backs up the data from your iPhone to a computer when you’re on the same Wi-Fi network.  While this feature is helpful for preventing data loss, it can be dangerous when used in conjunction with stalkerware. Stalkers can set up your iPhone to sync to their computer, giving them access to most of your personal data.

Unfortunately, it’s not always obvious that your phone is Wi-Fi syncing just by looking at your settings. Instead, check for other devices that are on your network using your router. If you suspect that your stalker has enabled Wi-Fi sync, avoid connecting to the network until you can secure your phone. 

4. Search for signs of jailbreak

Stalkerware typically requires a jailbroken iPhone to use. Look for apps associated with jailbroken iPhones, such as Cydia, Sileo, iFile, or Appcake, as well as any other suspicious-looking apps. 

5. Perform a privacy audit

A privacy audit will help you identify which apps are collecting your data. For example, Apple’s Safety Check feature helps you review privacy permissions efficiently, but you can also go through them one-by-one in your settings if you’re worried you’ve missed something. You can also use the App Privacy Report feature to see what type of data is being shared with your apps. 

6. Lock down iCloud

If you think someone else may have access to your iCloud, lock it down to keep your information private. You can do this by changing your Apple ID password and enabling two-factor authentication. You can also make use of the screen time feature to remove access to specific apps. 

How to identify stalkerware on Android devices

Stalkerware is more common on Android devices than iOS devices. This is because hackers don’t need to jailbreak the device to install malicious programs. Follow these steps to detect stalkerware on an Android phone. 

1. Check your Google Play Protect settings

Google Play Protect is a feature in the Google Play store that protects your Android device from harmful apps. It warns you before downloading suspicious apps and can remove apps from your device if malicious activity is detected. 

If someone has installed stalkerware on your device, they would need to change your Google Play Protect settings first. To check your settings, open the Google Play Store and tap on your profile icon in the top right-hand corner. Then, go to “Play protect” and then “Settings.” You’ll be able to see if someone has disabled app scanning and alerts. 

2. Check if accessibility services have been tampered with 

Some stalkerware apps make changes to Android accessibility settings. If you suspect that there is stalkerware on your device, go to “Settings” > “Accessibility.” If a stalkerware app is abusing Android accessibility features, it will show up in this menu. If not, you won’t see any apps listed here. 

3. Check your notification access

Stalkerware apps could be granted access to your notifications, which lets bad actors read all of your incoming messages and device alerts. To check these settings, go to “Settings” > “Notifications” > “Device & app notifications.” This will show you which apps have been granted these special permissions, and can help you find stalkerware apps that have been hiding on your phone. 

4. Check if a device admin app has been installed

Stalkerware for Android often takes advantage of device admin app options. Similar to device management profiles for iOS, device admin apps were intended for organizations to manage employee phones remotely. 

However, stalkerware uses this feature to take control of your data and your activity. Check the device admin app section of your settings to see if you can notice any unwanted apps. 

5. Review your installed apps list

In Android’s settings, you can see a list of all apps currently installed — even ones that aren’t showing up on your home screen. Check this list for suspicious apps that could be posing as stalkerware. 

How to prevent stalkerware 

If you suspect that someone in your life might be trying to take control of your phone, you can take a few steps to protect yourself from stalkerware. 

Keep your software up to date

Outdated systems are more vulnerable to stalkerware. Take time to regularly update your software and hardware to the latest versions, which are more likely to have anti-malware protections. Additionally, take the time to regularly go through your entire apps list. Remove outdated apps that you aren’t using anymore to reduce your device’s possible attack surface. 

Avoid suspicious downloads and links

A stalker might send you phishing messages and encourage you to download an app without telling you what it is. If you are worried about stalkerware, don’t click on any links or download any apps unless you are 100% sure they are safe to use. 

Use privacy and security tools

Installing digital privacy tools and settings on your device can help prevent unwanted app downloads. For example, you can install NordVPN’s Threat Protection Pro™, which helps with stalkerware detection by identifying malicious files and blocking sketchy ads and websites. 

Additionally, keep an eye on your device’s physical location. Don’t leave your phone or computer in a place where someone else could tamper with it. You can also set up biometric authentication, which requires your fingerprint or facial recognition to access your device. 

What to do if you find stalkerware

If you find stalkerware on your phone, you’ll need to take action right away to protect your privacy. Take the following steps to regain control of your device.

Prioritize your safety

Your physical safety is most important, so start by getting to a safe location. If you suspect that someone you live with put stalkerware on your phone, stay at work, school, or another safe location away from them while you figure out next steps. Disconnect your phone from the internet and turn it off so it can’t transmit your location data to your stalker. 

Report and seek help

Stalkerware is illegal in most cases, so go to your local authorities to file a police report. If you’re not sure who put the stalkerware on your phone, they can help you figure out who it might be so you can stay safe. Local law enforcement can also recommend support groups to help you get out of a dangerous situation. 

Contact support services

Finally, reach out to others to get the support you need to stay safe. This step could mean reaching out to a local domestic violence group or just reaching out to trustworthy friends and family members. Additionally, consider talking to a tech support service to remove the stalkerware from your phone so you can use it safely again.