Monitoring your kids or employees is not illegal per se, but if someone is keeping an eye on you without your consent, you might be a victim of stalkerware and abuse. Experts are concerned as the use of stalkerware increased significantly during the pandemic.
“How can I see my boyfriend's text messages without him knowing for free?” Many similar questions online are not left unanswered as malicious actors are capitalizing on people’s desire to spy on their spouses.
Many stalkerware apps are made widely available, and they appear on the first search pages, even advertised and promoted through public relations articles.
In 2020 alone, almost 54k mobile users were survivors or stalkerware, according to Kaspersky. Stalkerware is monitoring software that enables a remote user to track activities on another user's device, such as location data, call logs, and messages. It is most often used to monitor a spouse or partner without their permission. It is yet another tool for mental and physical abuse.
Another tool for abuse
“Stalking, harassment, threats, shaming, monitoring, surveillance, and impersonation are all old behaviors of power and control,” Audace Garnett, technology safety specialist at the National Network to End Domestic Violence (NNEDV), said during a webinar.
Technology has become interwoven into our lives and changed how we shop, bank, monitor our health, travel, and communicate. Also, technology has become a powerful tool for abusers to monitor victims’ locations, isolate them, and control who they communicate with.
“Abusers can damage the device, harass survivors online, impersonate them through social media platforms, hack into their bank accounts because they know the passwords, and so much more. And these tactics are all of the power and control dynamic. These are new tools, but old behaviors that abusers are using, and this can hurt the life of a survivor,” she said.
Since the pandemic, NNEDV saw a significant increase in stalkerware. The trend was also noticed by different security companies.
Garnett said the first thing to do if you want to help a victim of stalkerware is to believe in their story.
“It is unbelievable how a person can be remotely listening to what is going on your device. We should not minimize what they are experiencing and how they are being impacted because there is no physical injury or a bruise. The long-lasting impact that technology abuse can have on a person's life is just as harmful and challenging to get through. So support is important, as well as making sure that you are not placing any conditions on your relationships, such as ‘if you don't leave that person we can't help you’. Remember always that they may not be ready to leave and that it might not be safe to do so,” she said.
Uninstalling stalkerware also might not be the safest option for the victim as it might alert the abuser.
According to the Coalition Against Stalkerware, these signs might indicate there’s stalkerware on your device:
- Mobile phone, device or laptop goes missing and reappears. Strange behavior from the device operating system or applications.
- Unfamiliar app or process is on your device.
- Lending your device for an extended period of time to someone and noticing changes in settings or unknown apps you do not recognize.
- ‘Unknown sources’ setting ‘Enabled’ on an Android device.
- Unexpected battery drain.
- Presence of an app called Cydia (iOS devices).
- Active sessions on devices you did not authorize.
- Using easy passwords that someone close to you can guess.
- Webcam permissions are on for applications you did not give permission to.
iOS vs. Android
Stalkerware is usually installed on mobile devices, and there are significant differences between iOS and Android when it comes to setting these malicious apps on victims’ phones.
“If we are talking about the iOS, it is a bit more difficult to download and install that on the iOS. Such a device needs to be either jailbroken, which is not that easy and simple, or a stalker needs to have iCloud credentials,” Lukáš Štefanko, malware researcher at ESET, said during a webinar.
Contrary, on Android, these apps are available on dozens of websites that seem to be legitimate. However, they are not.
“Stalker downloads an application into a smartphone and installs that. It can happen in 2-3 minutes, and the device is compromised,” he said.
It is not easy to identify whether the smartphone is infected. However, there are some signs that might indicate stalkerware.
“The battery drains faster and there is more internet consumption. Some weird things are happening, such as GPS, WiFi, or 4G data being enabled or disabled, or a user receiving messages that do not make sense, such as GET GPS, retrieve SMS, make calls. These are commands received from a stalker. These are the signs that something is happening with our smartphone,” he said.
Difference between stalkerware and parenting apps
Monitoring apps are not illegal per se. They might be used to keep an eye on your kids or your employees. Stalkerware apps are also positioning themselves as kid monitoring or parenting apps when, in fact, they are not.
“It is a shady way to hide,” Štefanko said.
Legit parenting apps can be found on App Store or Google Play. A kid or an employee who is being monitored knows about it.
“The purpose of such apps is to create rules, for example, to restrict access to adult content, limit time online, social media, and games. On the contrary, on stalkerware, these rules can not be created. Stalkerware extracts all data, can record calls, take pictures, and send them away. Stalkerware is hidden from the victim's view,” he said.
Moreover, many of these apps also exhibit security and privacy issues that could result in account takeover, sensitive information leaks, and even the possibility of framing users with fabricated evidence.