Fighting stalkerware is difficult. You may not suspect its presence. Even if you have, it can be difficult to detect because antivirus software has only recently started to report these apps as malicious.
Here’s a guide on how stalkerware works, what to watch out for, and what to do about it.
The different types of Stalkerware
Surveillance software has proliferated on computers for decades, but more recently spyware makers have focused on mobile devices. Because mobile devices have access to more intimate data, including photos, real-time location, phone conversations, and messages, apps have come to be known as stalkerware.
Various stalkerware applications collect different types of information. Some record phone calls, some record keystrokes, and others track location or upload photos of a person to a remote server. But they all generally work the same: an attacker with access to a victim’s device installs the app on the phone and disguises the software as ordinary software, like a calendar app.
From there, the app hides in the background and later the attacker recovers the data. Sometimes the information is sent to the abuser’s email address or can be downloaded from a website. In other scenarios, attackers who know their partner’s password can simply unlock the device to open the stalkerware and examine the saved data.
So what to do? The Coalition Against Stalkerware, which was founded by Ms. Galperin and other groups, and many security companies have offered these tips:
Check for unusual behavior on your device, like a battery that drains quickly. This could be a sign that a stalker app is constantly running in the background.
Scan your device. Some applications, such as MalwareBytes, Certo, NortonLifeLock, and Lookout, can detect stalkerware. But to be thorough, take a close look at your apps to see if anything is unusual or suspicious. If you find stalkerware, take a break before removing it: this can be useful evidence if you decide to report the abuse to law enforcement.
Ask for help. In addition to reporting stalking behavior to law enforcement, you can seek advice from resources such as the National Domestic Violence Hotline or the National Network Hosted Safety Net Project to end to domestic violence.
Audit your accounts online to see which apps and devices are connected to it. On Twitter, for example, you can click the “Security & Account Access” button in the settings menu to see which devices and apps have access to your account. Disconnect from anything that seems fishy.
Change your passwords and passwords. It’s always safer to change passwords for important online accounts and avoid reusing them across multiple sites. Try to create long and complex passwords for each account. Likewise, make sure your password is difficult to guess.
Enable two-factor authentication. For any online account that offers it, use two-factor authentication, which essentially requires two forms of verifying your identity before you can log into an account. Let’s say you enter your username and password for your Facebook account. This is step 1. Facebook then asks you to enter a temporary code generated by an authenticator application. This is step 2. With this protection, even if an attacker discovers your password using stalkerware, he still cannot connect without this code.
On iPhones, check your settings. A new stalker app, WebWatcher, uses a computer to wirelessly download a backup copy of a victim’s iPhone data, according to Certo, a mobile security company. To defend yourself, open the Settings app and look at the General menu to see if “iTunes Wi-Fi Sync” is visible. If it appears, disabling it will prevent WebWatcher from copying your data.
Apple said this was not considered an iPhone vulnerability because it required an attacker to be on the same Wi-Fi network and have physical access to a victim’s unlocked iPhone.
New start. Buying a new phone or wiping all the data on your phone and starting over is the most effective way to rid a device of stalkerware.
Update your software. Apple and Google regularly release software updates that include security fixes, which can remove stalkerware. Make sure you are using the latest software.
Ultimately, there’s no real way to beat stalkerware. NortonLifeLock senior researcher Kevin Roundy said he reported more than 800 stalkerware items in the Android app store. Google removed the apps and updated its policy in October to ban developers from offering stalkerware.
But others have appeared to take their place.
“There are certainly a lot of very dangerous and alarming possibilities,” Roundy said. “This is going to continue to be a concern.”