BEFORE YOU CONTINUE
Stalkerware apps can track your browsing history so if you suspect that stalkerware has been installed on your device DO NOT USE IT to research support services such as advocacy, shelter, court information or emergency services. Please note that anything you view may be revealed to the person monitoring you, including this tip sheet. Consider the following steps for safety:
- Notify someone you trust by word of mouth that you suspect stalkerware is on your device.
- If you are planning to connect with an advocate or support services, it may be best to use a public computer or a device that is not compromised by stalkerware.
- Working with a domestic violence advocate can be helpful for survivors who are being stalked. Advocates can help you form a safety plan, provide you with resources and provide you with resources and support.
- If you feel that it is safe, consider contacting local law enforcement if you have concerns about your safety
53,870 mobile users were survivors of stalkerware in 2020. Stalkerware is a form of monitoring software which enables a remote user to track activities on another user’s device, such as location data, call logs and messages. It is most often used to monitor a spouse or partner without their permission.
The term stalkerware, also known as spyware, refers to a type of app designed to be hidden from the survivor. Survivors are often unaware when this software has been installed on their device. The National Cyber Security Alliance has partnered with ESET and the National Network to End Domestic Violence to bring awareness to the dangers of stalkerware, how to detect it, and what to do if you are a target.
NEED HELP?
The most common users of stalkerware are abusive partners or spouses. If you or someone you know needs help, contact the National Domestic Violence Hotline at 1-800-799-7233.
What is stalkerware?
Stalkerware apps can allow someone to track virtually anything you do on your device: following your location, listening to phone calls, viewing text messages and emails, etc. These apps must be manually installed onto a device, so they are most often used by someone close to the survivor, such as a partner, ex-partner, spouse, boss or parent. Many stalkerware apps will market themselves as “parental-monitoring” tools, for parents to track their underaged children.
It’s more common than you may think
According to a study from NPR, 85% of domestic violence shelters surveyed said they’re working directly with survivors whose abusers tracked them using GPS. 75% said they’re working with survivors whose abusers eavesdropped on their conversation remotely — using hidden mobile apps
Preventing stalkerware
The following tips may help minimize the risk of stalkerware being downloaded to your device and help you stay cyber secure overall:
- LOCK YOUR DEVICE: Make sure you lock your device with the use of a passcode or extra security features (like facial recognition).
- DON’T LEAVE YOUR DEVICE UNATTENDED: Whether you are at home or out in public, ensure your devices are with you at all times.
- CREATE STRONG PASSPHRASES ONLY YOU WOULD KNOW: A strong passphrase is a sentence that is at least 12 characters long. Focus on sentences or phrases that you like to think about and are easy to remember, including special characters and numbers. On many sites, you can even use spaces. Be mindful not to use birth dates, repeating digits, a year of birth, your social security number, phone numbers or anything the abuser can easily guess.
- ONLY DOWNLOAD APPS FROM VERIFIED DEVELOPERS AND OFFICIAL APP STORES: Before downloading any app from the App Store, Google Play or any other app service, check the reviews and ratings of the app, and look it up online to ensure the developer is credible.
- REVIEW YOUR DOWNLOADED APPS: Do a periodic review of the apps downloaded onto your phone. Check the settings of used apps to make sure the privacy and security settings are configured to protect you and your information. Delete any apps you no longer use or do not recognize. Don’t forget to check your phone settings for a list of all the apps downloaded to the phone, not just the ones that appear on your home screen
- USE ANITVIRUS SOFTWARE Cybersecurity antivirus software will scan your device for stalkerware and any other malicious apps, and warn you if they find known stalkerware apps. Learn more about the different antivirus softwares available.
Detecting Stalkerware
Once installed, it can be very difficult to detect stalkerware, as these apps are designed to be hidden from the device user. However, there are ways to find this software within your phone’s settings:
- CHECK YOUR DEVICE’S SETTINGS OR APP STORE Even when an app is hidden, it may still appear in your device’s settings or app store. To find a list of downloaded apps, follow the below steps
- For iOS users: Go to your settings app -> Scroll to the bottom to see a list of all downloaded apps -> To check which apps have access to your camera, microphone and location, go to Settings -> Privacy for complete lists of apps that have access to your camera, microphone, location and other features.
- For Android users: Go to your settings app Select Apps & Notifications -> See All Apps To check which apps have access to your camera, microphone and location, go to Settings -> Privacy -> Permission Manager for complete lists of apps that have access to your camera, microphone, location and other features.
NOTE: STALKERWARE APPS MAY NOT BE IMMEDIATELY OBVIOUS
They may have a different label to disguise themselves, or a label that looks similar to a legitimate app. Look for any apps in your device settings that you don’t recognize. Discuss a safety plan with an advocate before you delete the app. Keep in mind that the abuser will know that the app has been removed from the device and this may escalate the abuse.
Other indicators of stalkerware
While one of these indicators alone may not be a sign of stalkerware, multiple signs may mean something has been installed on your device:
- The stalker has had access to your device. This can mean your device goes missing and reappears or if you’ve loaned your device to someone for an extended period of time.
- Unknown applications have access to your camera.
- Your screen starts glitching, lagging or your phone’s battery starts draining faster, unexpectedly.
If you find stalkerware on your device
If someone is tracking your device, they will know when the stalkerware app is deleted. If you decide not to delete the app, consider the following steps on page one to seek help first. If you decide to delete the app first, consider the following steps:
- DO A FACTORY RESET: A factory reset restores your phone to its original state by deleting all information from the device, including apps and accounts. This can help ensure that all possible stalkerware has been removed from your device. Be sure to backup any necessary files and information before doing so. Note: After a reset, do not restore your device’s data from the cloud or from a back up source. This may reinstall the stalkerware.
- GET A NEW DEVICE: To be absolutely sure there is no stalkerware on your device, consider purchasing a new one.
- CHANGE LOGIN CREDENTIALS: If someone has been viewing your online activities, they will know the credentials for any account you’ve logged into while stalkerware was installed. Change all your passwords, security questions, etc. for your online accounts.
- SEEK HELP: Contact the National Domestic Violence Hotline at 1-800-799-7233 or local law enforcement.
Webinar:
Stalkerware: Technology-Facilitated Domestic Violence
NCA has partnered with ESET and the National Network to End Domestic Violence to bring awareness to the dangers of stalkerware, how to detect it, and what to do if you are a target.
Speakers:
- Tony Anscombe, Global Security Evangelist & Industry Partnership Ambassador, ESET
- Tony Anscombe is the Global Security Evangelist for ESET. With over 20 years of security industry experience, Anscombe is an established author, blogger and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust and internet safety.
- Audace Garnett, Technology Safety Specialist, National Network to End Domestic Violence
- Audace has over a decade of experience working in New York City with survivors of domestic violence. She is currently a Technology Safety Specialist with Safety Net at the National Network to End Domestic Violence (NNEDV) where she focuses specifically on the intersection between domestic violence, sexual assault, stalking and technology.
- Lukáš Štefanko, Malware Researcher, ESET
- Lukáš Štefanko is is an experienced Malware Researcher with a strong engineering background and a well-demonstrated focus on Android malware research and security. With more than nine years’ experience with malware, he has been focusing on improving detection mechanisms of Android malware and in the past couple of years has made major strides towards heightening public awareness around mobile threats and app vulnerabilities.