20 | New Scientist | 23 November 2019
You might think that scanning your
phone to detect stalkerware is a
good idea. But be careful. Besides
the fact that antivirus programs
don’t always catch spy apps, a
stalker could be alerted to your
attempts to take protective actions
and confront you.
“Some of these applications
have the ability to see every
web page that you go to,” says
Christopher Parsons, co-author
of a report looking at stalkerware.
He recommends instead that
people seek out advice directly
from a domestic abuse charity or
similar organisation if they think
they are being targeted.
If you are confident that
your device hasn’t already been
compromised, David Emm of
security firm Kaspersky suggests
the best thing to do is lock down
your phone. Not allowing your
partner to know the passcode for
your phone, which is ideally at least
six digits long, is a good start. Then
make sure that you have antivirus
software installed and that your
online accounts are protected with
strong passwords.
Yet taking precautions against
loved ones doesn’t come naturally,
says Emm: “By definition, none
of us is as unguarded as we are
with a partner.”
How to protect yourself
“Catch cheating spouses” the
website for California-based
HelloSpy, a smartphone app, says.
There is a photo of a woman with
a bruised face and a man grabbing
her arm. Infidelity is easier these
days because of online social
networks and mobile phones,
the page claims. But the “good
news” is that technology can
reveal infidelity too, it says.
On the site for another app,
FlexiSpy, I seek help from a
customer support agent. During
a web chat, I say, “I think my wife
is cheating.” The agent, whether
human or bot, immediately asks
whether I have physical access to
her phone so I can install the app.
Neither HelloSpy nor FlexiSpy
responded to a request for
comment on these marketing
practices. The sale of such apps
is permitted in both the US and
UK, but these disturbing examples
demonstrate how the software
easily slips into a legal grey area.
The software itself is perfectly
legal. For example, an employer
might tell an employee that
their work phone will be
loaded with software that
records everything they do.
The employee’s consent may
be explicitly granted in that case.
However, software can also
be installed surreptitiously on
someone’s device to snoop on
their messages and phone calls.
The use of such “stalkerware”
seems to be on the rise. “Accessing
the contents of someone’s phone
now is accessing their life,” says
Lucy Purdon at campaign group
Privacy International. “We are
very concerned about this.”
Once installed, stalkerware
example to harass people or access
their data without consent – that
may fall foul of legislation.
There is a lack of international
coordination over how to deal
with the misuse of spy apps,
says Christopher Parsons at the
University of Toronto. He and his
colleagues published an in-depth
report on the rise of stalkerware
earlier this year.
Cybersecurity
SIN
AN
SA
GL
AM
/EY
EE
M/
GE
TT
Y
News Insight
The rise of stalkerware
Apps that secretly give people access to their partner’s smartphones
are growing in prominence. Chris Baraniuk reports
can be set up so as to be practically
invisible to the phone’s owner.
It might be used, for example,
to monitor their location and
movements using GPS. It can
provide access to any text
messages or pictures they send,
or record everything they type.
In some cases, stalkerware can
even switch on the device’s
microphone to eavesdrop
on private conversations.
Purdon and her colleagues
have examined apps that market
themselves as helpful tools that
allow parents to keep an eye on
their kids. In reality, they offer
unbridled access to children’s
phones. “These tools go way
beyond checking your child’s
location,” she says.
Employers, parents and
snooping partners have emerged
as the three main target audiences
for spy apps.
An analysis by cybersecurity
company Kaspersky found that,
in the first eight months of 2019,
more than 37,500 of its customers
encountered spyware or
stalkerware at least once – a 35 per
cent rise on the same period in
- “We’re seeing a marked
increase,” says David Emm,
a researcher at the firm.
Another security firm, Avast,
detected eight stalkerware apps
on the Google Play app store in
July. All have since been removed
as Google prohibits such apps.
Spy in your pocket
Many notorious stalkerware apps
are built for Android, but there
are variants that can be installed
on iPhones running iOS as well.
In a July blog post, Google software
engineer Ivan Rodriguez described
how stalkers can get around some
of the security protections built
into iOS and spy on the phone’s
owner anyway.
But a crackdown is afoot. The
US Federal Trade Commission
(FTC) has just taken legal action
against a Florida-based firm called
Retina-X, which developed
spyware apps called MobileSpy,
PhoneSheriff and TeenShield.
Among other things, the FTC said
the company was failing to ensure
that users of the software were
installing it for “legitimate”
purposes, a practice it said was
“unfair” since it put people at
risk of being monitored illegally.
Despite this, stalkerware can
still slip through legal loopholes.
Neither the UK nor the US
explicitly outlaw this software.
Rather it is how it is used – for
“Accessing the contents of
someone’s phone now is
accessing their life. We are
very concerned about this”