What if your phone calls, texts, FaceTime sessions, and GPS locations were being logged without your consent? What if they were all being sent to a tech-savvy stalker—often a former romantic partner or an abusively controlling current partner—who had gotten malware onto your phones, tablets, and pcs, effectively bugging them? That’s the unsettling job of stalkerware, a type of commercially available software designed to spy on victims without being detected.
Stalkerware can operate stealthily, so you probably wouldn't know if your devices had it installed. According to a 2020 report from cybersecurity company Kaspersky, a majority of people with stalkerware on their devices don’t even know that the type of software exists, meaning they can’t protect themselves from it. We'll help you understand what stalkerware is, how to remove it from your devices, and how to make sure stalkers can't install it on your devices again, once they are clean.
What Stalkerware Is and Why It's Considered Abusive
Make no mistake, stalkerware is a form of abuse. According to the Coalition Against Stalkerware (CAS), this type of software “may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.” Stalkerware is often marketed as a way to spy on current or former romantic partners, but it can also be found packaged as parental control software or employee tracking solutions.
Stalkerware programs’ legal status is vague in most countries. In many places, the software itself can be distributed legally. Using stalkerware to monitor someone, however, may be a punishable offense. The people who create stalkerware usually mention this in the terms and conditions, stating that you must not use the software in a manner that is illegal in the country or territory in which you live.
Technology-enabled abuse isn’t limited to stalkerware. Abusers can use seemingly innocuous utilities and built-in parental control apps like the “Find My” and Screen Time functions on Apple devices to keep tabs on their partner’s whereabouts and activity. Google's Family Link application can be similarly used and abused by stalkers to track survivors or limit the sites they can access.
With help from Victor Chebyshev, a Lead Security Researcher on the Global Research and Analysis Team at Kaspersky, we’ve compiled several ways for you to check your devices for stalkerware and created a guide for getting rid of it. One important note: a safety plan for the abuse survivor should be in place before removing stalkerware. The very act of getting rid of the software may encourage the perpetrator to escalate the situation and pose a safety risk.
Who Else Is Listening to Your Phone?
Chebyshev told me that it is usually hard to discover this type of software because it’s designed to remain hidden and run in the background on a device. That said, there are some signs you should look for when it comes to detecting stalkerware.
- Take a look at your phone’s battery life. If the battery suddenly starts draining quickly, you may have some stalkerware running in the background.
- If you’re dealing with constant device overheating, that’s another possible sign that a stealth program is running on your phone or tablet.
- Examine your mobile data reports. If you see very high data traffic growth and you haven’t changed your usage recently, stalkerware may have been installed on your device.
- Check permissions of installed apps.
“Stalkerware applications may be disguised under a wrong name with suspicious access to messages, call logs, location, and other personal activity,” Chebyshev said.
The warning signs listed above are not necessarily proof that you have a stalkerware problem. That’s why you need to run an antivirus scanner if you think you are being monitored. According to AV-Comparatives’ testing, antivirus programs are getting better at detecting stalkerware apps on Android. Most of the antivirus products tested had at least an 80% detection rate. NortonLifeLock was the outlier, with a 50% detection rate, and AV-Comparatives researchers believed it was because it’s a well-known brand, so stalkerware developers design their products to hide from it.
How Do You Get Stalkerware?
Google doesn’t allow known stalkerware apps in the Play Store, but some apps do manage to slip through their surveillance. Other apps can be side-loaded onto the phone (meaning they are downloaded from the internet, not through the Play Store, and installed on the phone). Side-loaded apps require someone with access to your phone to have it in their physical possession, so if you’re having your phone repaired or set up by someone else, they may have the opportunity to install stalkerware.
There are also companies that sell low-cost fake iPhones from China. We saw the phones at 2019's Black Hat conference. The fakes run modified versions of Android that look like iOS, and they come preloaded with malware. A stalker could gift one of these phones and exert any manner of control over another person from a distance.
It’s harder for abusers to install stalkerware on iPhones than on Android devices because Apple doesn’t have a built-in mechanism for sideloading apps. That said, abusers can get around this limitation with a jailbroken iPhone.
“They still need physical access to the phone to jailbreak it, so iPhone users who fear surveillance should always keep an eye on their device. Alternatively, an abuser can offer their victim an iPhone–or any other device–with preinstalled stalkerware as a gift. There are companies that make their services available online to install such tools on a new phone and deliver it to an unwitting addressee in factory packaging to celebrate a special occasion," explained Chebyshev.
It’s not easy to tell if you have a jailbroken iPhone. There are dubious apps on the market that claim to tell you whether the phone you have is jailbroken or not, but the best way to know the history of your phone is to buy it yourself, directly from Apple.
How to Remove Stalkerware from Your Mobile Device
First, remember to have a safety plan in place, as mentioned above. Also, consider preserving evidence of the stalkerware to pursue legal action.
There are two ways to delete stalkerware from your device: Use security software to detect and delete the stalkerware, or perform a factory reset on the phone. The factory reset will remove the offending app, and take all the rest of your data with it, so you should back up your important data before using this tactic.
The advantage of the factory reset method is that you don't need to actually know whether you have stalkerware, or even be able to detect it. If you're in a situation in which you suspect it's likely an abuser might have installed it on your phone, you can reclaim at least some of your piece of mind simply by performing this reset.
Your Computer Might Also Be Bugged
Chebyshev says stalkerware for desktops and laptops is rare, but it does exist. As with mobile devices, it's often packaged and sold as either parental control or employee monitoring software. There are of course, still old-fashioned keyloggers out there, too.
If you suspect your computer is infected with stalkerware, it’s best to use an antivirus tool to scan the computer and detect the software. Antivirus software should also be able help you remove the stalkerware once it's detected. For persistent and hard-to-remove apps, you might also try downloading free cleanup-only antivirus tool, such as Editors' Choice winner Malwarebytes Free.
If neither of these approaches work, you should go back to your main antivirus software and look for the Rescue Disk or similarly named feature. This will allow you to make a disk image that creates a bootable USB or DVD with a built-in antivirus scanner. Because the rescue disk runs a non-Windows operating system, Windows-based malware can't resist it. Boot from the Rescue Drive and run a full scan of your drive. This should find and eliminate just about everything you might be facing.
Removing Stalkerware Is Just the First Step
You’ve found stalkerware on your device. You’ve removed the software. Now what? You'll want to take stock of any other ways people might be tracking you. Do you have any unexpected Apple Airtags in your car, your coat pockets, your bags? You'll want to check. Apple is working on making them less easy for stalkers to exploit, but there is still potential for misuse.
You'll also want to tighten up the security on your devices now that they are clean. Password protect all your devices with new, strong passwords. Immediately change the passwords for your email, social media profiles, banking, and any other important accounts. Use hard-to-guess passwords and keep them in a password-protected password manager. Do not let other apps store or save your passwords for you. Set up multifactor authentication for your accounts. Make sure to keep your devices either with you, or physically secured. Having physical access to your devices can make a stalker's job easier.
Finally, if you believe you are experiencing stalking, spying or any form of monitoring without your consent visit the CAS Resources page to find local help and support groups.