How to Find ‘Stalkerware’ on Your Devices
Fighting stalkerware is tough. You may not suspect it’s there. It could be difficult to detect even if you did since antivirus software only recently began flagging these apps as malicious.
Here’s a guide to how stalkerware works, what to look out for, and what to do about it.
The Different Types of Stalkerware
Surveillance software has proliferated on computers for decades, but spyware makers have recently shifted their focus to mobile devices. Because mobile devices have access to more personal data, including photos, real-time location, phone conversations, and messages, the apps became known as stalkerware.
Various stalkerware apps collect different types of information. Some record phone calls, log keystrokes, and track location or upload a person’s photos to a remote server. But they all generally work the same way: An abuser with access to a victim’s device installs the app on the phone and disguises it as ordinary software, like a calendar app. From there, the app lurks in the background, and later, the abuser retrieves the data. Sometimes, the information gets sent to the abuser’s email address or downloaded from a website. In other scenarios, abusers who know their partner’s passcode can unlock the device to open the stalkerware and review the recorded data.
Self-Defense Steps
So what to do? The Coalition Against Stalkerware, which Ms. Galperin and other groups founded, and many security firms offered these tips:
Look for unusual behavior on your device, like a rapidly draining battery. That could be a giveaway that a stalker app has constantly been running in the background.
Scan your device. Some apps, like MalwareBytes, Certo, Norton LifeLock, and Lookout, can detect stalkerware. But to be thorough, closely examine your apps to see if anything is unfamiliar or suspicious. If you find a piece of stalkerware, pause before you delete it: It may be helpful evidence if you decide to report the abuse to law enforcement.
Seek help. In addition to reporting stalking behavior to law enforcement, you can seek advice from resources like the National Domestic Violence Hotline or the Safety Net Project hosted by the National Network to End Domestic Violence.
Audit your online accounts to see which apps and devices are hooked into them. On Twitter, for example, you can click the “security and account access” button inside the settings menu to see which devices and apps can access your account. Log out of anything that looks shady.
Change your passwords and passcode. It’s always safer to change passwords for important online accounts and avoid reusing passwords across sites. Try creating long, complex passwords for each account. Similarly, make sure your passcode is complex for someone to guess.
Enable two-factor authentication. For any online account that offers it, use two-factor authentication, which requires two forms of verification of your identity before letting you log into an account. Say you enter your username and password for your Facebook account. That’s Step 1. Facebook then asks you to punch in a temporary code generated by an authentication app. That’s Step 2. With this protection, even if an abuser figures out your password using a piece of stalkerware, they still can’t log in without that code.
On iPhones, check your settings. According to Certo, a mobile security firm, a new stalker app, WebWatcher, uses a computer to wirelessly download a backup copy of a victim’s iPhone data. To defend yourself, open the Settings app and look at the General menu to see if “iTunes Wi-Fi Sync” is turned on. Disabling this will prevent WebWatcher from copying your data.
Apple said this was not considered an iPhone vulnerability because it required an attacker to be on the same Wi-Fi network and physically access a victim’s unlocked iPhone.
Start fresh. Buying a new phone or erasing all the data from your phone to begin anew is the most effective way to rid a device of stalkerware.
Update your software. Make sure you’re running the latest software. Apple and Google regularly issue software updates, including security fixes, which can remove stalkerware.
In the end, there’s no proper way to defeat stalkerware. NortonLifeLock’s lead researcher Kevin Roundy said he had reported more than 800 pieces of stalkerware inside the Android app store. Google removed the apps and updated its policy in October to forbid developers from offering stalkerware.
But more have emerged to take their place. There are a lot of hazardous, alarming possibilities,” Mr. Roundy said. “It’s going to continue to be a concern.”