Stopping Stalkerware

Stopping Stalkerware

Stalkerware has grown out of applications designed to allow parents and guardians to monitor their children’s activity and theoretically prevent them from harm.  This becomes criminal stalking when the application is installed and run without the user’s knowledge.

Remote access to a device can include conversations, locations and images.  In the hands of the criminal stalker this information can be used to control and manipulate the victim. The practice of stalking in any form is illegal and reprehensible. Kindus strongly supports all efforts to stamp it out.

The Internet security company Kaspersky published a summary of the Stalkerware threat in 2020.  It reported 53,870 cases amongst users of its systems.  The real total will be considerably higher as Kaspersky does not include incidents that were not discovered or were revealed by other systems.

The most likely target systems are Android phones because the strict controls of the Apple store restrict what applications are on offer and can be installed.  PC systems could also be affected although the information available to the stalker is considerably less than that provided by a mobile phone.  The legal child monitoring app KidsGuard gives a comprehensive and worrying description of just how much information can be harvested remotely.   KidsGuard itself might be used as a Stalkerware system as although it is displayed on the target device it masquerades as a system update service.  More worrying is a loophole in the software data storage that allowed public access to the harvested data.  This data leak has since been plugged.

Location systems such as ‘find my phone’ could be used to track an individual if the related account and password is known to a stalker. Tracking devices like the Apple AirTag are another risk. The tags are able to piggyback Bluetooth connections of strangers’ devices to pass on their location. Although designed to emit sounds at random time intervals that will disclose their location this feature could be muted allowing such a device to silently track a target.

Remote monitoring systems need the permission of the device owner to be installed. Unlike desktop operating systems the applications are not going to be silently delivered through a web page or email link. The stalker will need direct access to the target.  If an IOS system is to be the host it will first need to be jailbroken.  This allows an IOS device to have software installed from sources other than the Apple Store.  Android stalkerware apps are unlikely to come from Google Play but Android comes with the option to install from other sources without the need for a ‘jailbreak’ activity.  To achieve these aims a stalker might ‘borrow’ a device while it is unlocked or already have access to any locking password or gesture.  Alternatively a compromised device might be received as a gift or software installed when a device is ‘repaired’.

It is in the nature of good stalkerware to be hard to detect but there are some key signs.  High battery use, a device overheating or unexpectedly high mobile data use are all clues that something is putting a lot of demand on the system.  Some software such as anti-vrus programs will scan a device for suspect applications; this needs to be kept up to date as new threats are created.  The Clinic to End Tech Abuse (CETA) published a guide on how to detect hidden apps on Andriod devices and to remove them.  TinyCheck is an external solution that intercepts data transmissions between a mobile device and the Internet, reporting on what it detects with a view to flagging stalkerware.  It is designed to run on a Raspberry Pi so although an economical solution for a social enterprise it is unlikely to appeal to the casual home user.

If you do suspect stalkerware, back up all important files and images then perform a factory reset. Upgrade to the most recent operating system that your device will support and only re-install apps that you know what they do.

Steps to avoid stalkerware;

  • If possible get a new phone direct from an approved supplier or the manufacturer.
  • If you receive a phone as a gift follow the steps described above to check for compromised systems.
  • Use hard to guess passwords.
  • Do not divulge any device passwords or screen locking gestures.
  • Ensure that your screen is locked when not in use.
  • Turn off bluetooth except when necessary.

Stalkerware could be part of a wider effort to influence the victim’s behaviour and exert control. Removing the software is only one step in cracking down on stalking. There is more information on fighting back against stalking at the Coalition Against Stalkerware. In the UK the Suzy Lamplugh Trust offers advice and support to victims of stalking.



More from Security


eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post


Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post


UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post


Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus