Android built-in security features won’t protect from stalkerware, EFF warns

Android’s built-in security features and antivirus apps often fail to protect users from stalkerware – malicious surveillance tools installed on a device without the owner’s knowledge by harassers and other stalkers.
Among the thirteen security vendors analyzed by the Electronic Frontier Foundation (EFF), twelve failed to completely protect their users against all 17 tested samples of stalkerware.
Google Play Protect performed the worst, achieving only a 53% detection rate, while Malwarebytes Mobile Security was the only security app that detected all samples.
Stalkerware refers to commercially available apps designed to covertly spy on another person’s device and personal data and to exfiltrate that data without their knowledge. It can give continuous access to the device, reading text messages, viewing photos, tracking location, recording calls, logging keystrokes, and monitoring other activities.
EFF has repeatedly warned about this grey market, in which apps marketed for parental control or employee monitoring are misused by harassers, particularly in cases of domestic violence and partner abuse. The legality of stalkerware varies across jurisdictions.
To install stalkerware, the attacker typically requires physical access to the victim’s device. The app then removes its icon and runs silently in the background, sending the collected data. It is also designed to resist removal by requiring a password or by blocking access to the settings.
“While it may be legal to buy and sell such software, using it to monitor someone without their knowledge is often a crime. Vendors typically include disclaimers in their terms and conditions, requiring customers to obtain permission before installation, yet design their apps to remain hidden and untraceable. Such warnings are therefore largely meaningless,” EFF warns.
Concerning results
The EFF tested the “full scan” features of the thirteen well-known mobile security apps for Android, giving them the best chance to detect stalkerware.
“Malwarebytes stood out by detecting all stalkerware testcases, achieving a 100% detection rate,” the “Independent Tests of Anti-Virus Software” report reads.
Four more apps, including Bitdefender, ESET, and McAfee, missed only one stalkerware sample (94%).
“Avast, Avira, and F-Secure also performed well, identifying 88% of the test set, while Norton and Sophos achieved moderate coverage, detecting around 82%,” the EFF researchers said.
“At the lower end, G Data (65%), Google (53%), and Trend Micro (59%) missed a substantial portion of the stalkerware.”
The report also highlighted that some malicious apps can actively interfere with the security solution, preventing it from functioning properly.
EFF didn’t name the tested stalkerware apps to avoid any promotion and to prevent abusers from learning which tools evade detection.
“It became apparent that some stalkerware apps are essentially variations of the same underlying product. In several cases, they were simply rebranded versions that reuse components such as payment systems, backend infrastructures, admin dashboards, or APK files,” the report notes.
Moreover, even when the apps detected stalkerware, they often did not give users clear and accurate reports. Many products used only generic wording in their alerts, such as “Malware detected”, “Threat detected,” or “Potential unwanted app detected,” without referring to the spying capabilities. This leaves victims unaware of the potential risks.
None of the apps used secure notification channels, such as personal email, to inform the user about the detection.
EFF warns that stalkerware remains a persistent digital threat, with significant variation in detection across many security products.
“Victims cannot rely solely on built-in protections such as Google Play Protect, which detected only around half of the used stalkerware. Second, responsible handling of detections, including clear labelling, transparent explanations of potential risks, and safe removal options, is equally important to protect users in vulnerable situations,” EFF concludes.
The foundation urges security vendors to adopt these recommendations and enhance their threat detection and reporting.