Detecting and Removing Stalkerware

A Primer on Stalkerware

Certain apps, commonly referred to as “spouseware” or “stalkerware,” are designed to give someone the ability to track or spy on a person’s phone. Specifically, depending on the version, such an app may allow a person to:
– track the phone’s location
– view messages and emails
– view the device’s pictures and videos
– in some cases, activate the camera or microphone
– and more

Generally speaking, this sort of software is legal to sell and buy, but not legal to use to track a person who doesn’t know they’re being tracked. There are exceptions to that, which is why the companies selling it are careful in how they advertise.

If you suspect that your phone is being tracked, this quick guide will help you find out for sure and figure out what to do about it.

Signs of stalkerware

Stalkerware apps are designed to hide from the victim, meaning they don’t generally show up as installed apps. That doesn’t include legitimate apps that can be used to track a phone, which would show up as installed apps. Because stalkerware doesn’t show up as installed, it can be easy to miss. But if you’re looking for it, it’s possible to find it.

Some signs that may indicate stalkerware is installed include:
– a person that may have installed it always seems to know where you are
– your phone battery is draining unusually fast
– GPS turns on after you turn it off
– your iOS phone refuses to update
– you’ve received suspicious emails or texts with links (which you clicked on) OR you were told to download apps from sources other than the official app/play store
– someone had access to your phone for an extended period of time (generally, these apps require physical access to the device)

Please note that the presence of any one or more of those indicators doesn’t necessarily mean that your phone has been infected. For example, some legitimate apps can drain the battery or activate your GPS. These are only indications that you should look a little more closely.

What to do if you suspect stalkerware

First, don’t panic. The odds are good that a legitimate app is the cause of what you’re seeing. However, just to be on the safe side it’s best to take a closer look while also staying safe.

Next, think about your “threat model.” That is, think about your safety needs and what it could mean if you’re being tracked. If you’re in a place you don’t want to be found, consider turning off the phone and taking it directly to law enforcement.

If you’re safe at the moment but don’t want to tip off whoever may be tracking you, try not to change your behavior too much. Keep doing normal things, but don’t talk about anything sensitive until you’re sure your phone is safe. If possible, a prepaid “burner” phone will allow you to talk about personal/sensitive things while you’re checking on your primary phone.

Either way, if there’s a concern about your safety, go to law enforcement immediately. If you need to go to a shelter, do not take the suspect phone with you until it’s been cleared (if allowed by shelter policy).

Confirming the presence of stalkerware

If you know what to look for, you can detect stalkerware. First, check to see if your phone is configured to even allow those apps.

For iOS:
Look to see if the phone is jailbroken, meaning it’s been changed to allow unofficial apps to run. There are a lot of reasons to jailbreak a phone and not all are malicious, but if it’s jailbroken and you didn’t do it, that’s a red flag. One way to check is to look for an app called Cydia, which is often, but not always, present when the phone is jailbroken. Another way is to download an iOS app like “System and Security Info” and check with that.

For Android:
Go into the settings and open “Unknown Devices,” “Allow installation from Unknown Sources,” and/or “install from untrusted APKs.” If you can’t find those settings, you may be able to use the search function in the settings area if available. Check if those settings are toggled on. Also look at the “Device administrator” settings and see if there are any apps you don’t recognize there. There will probably be some Google-related apps there, so expect to see something listed.
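
For readers comfortable with a computer, the same "unofficial source" check can be made from the installed-app list itself. The script below is an added example, not part of the original guide: it reads the output of `adb shell pm list packages -i -3` (third-party packages with the installer recorded for each) and lists those that did not come from the Play Store. It assumes USB debugging is enabled and adb is installed; the package names in the sample are constructed, and the trusted-installer list is an assumption to adjust for your device.

```python
import shutil
import subprocess

# Installers treated as the official store (assumption; add your vendor's store if needed).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -i -3` output; package names are made up.
SAMPLE_OUTPUT = """\
package:com.example.chat  installer=com.android.vending
package:com.example.systemservice  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""

def parse_packages(text):
    """Return {package_name: installer or None} from `pm list packages -i` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings and blank lines
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field.split("=", 1)[1]
                installer = None if value == "null" else value
        packages[fields[0]] = installer
    return packages

def sideloaded(packages, trusted=TRUSTED_INSTALLERS):
    """Packages whose recorded installer is missing or is not a trusted store."""
    return sorted(name for name, inst in packages.items() if inst not in trusted)

def collect(use_device=False):
    """Read the list from a USB-connected phone, or fall back to the constructed sample."""
    if use_device and shutil.which("adb"):
        cmd = ["adb", "shell", "pm", "list", "packages", "-i", "-3"]
        return subprocess.run(cmd, capture_output=True, text=True,
                              timeout=30, check=True).stdout
    return SAMPLE_OUTPUT

if __name__ == "__main__":
    for name in sideloaded(parse_packages(collect())):
        print("look more closely at:", name)
```

A package on this list is only an indication to look more closely; apps installed from a file for legitimate reasons will appear here too.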

Next, install and run a security suite. Lookout Mobile Security is one of the best for detecting stalkerware and will let you know if it’s found.

What if something’s found?

If you find evidence of stalkerware on your device, your best bet is to turn it off and bring it to law enforcement. Tell them what you found and make a report. Anecdotally, sometimes the first officer won’t see the need to take a report. You have the right to escalate the request if you have a concern.

If you wish to recover your phone, the safest option is to factory reset and restore your phone (after backing up your pictures, etc.). This basically restores your phone to the factory settings, getting rid of ALL non-default apps. There are no commercial stalkerware apps that can survive this. If you’re unsure about how to do this, your provider should be able to help.

Changing your Android settings to remove the suspect device administrator should be enough to disable the software, but this should only be a temporary measure. The best solution is a full reset.

Once your phone is recovered, change all of your passwords and enable two-factor authentication wherever possible. This means that your accounts are secure even if someone knows the password. Here’s a handy guide to enabling this additional security on your accounts.

How to prevent stalkerware installation

If you’re concerned about stalkerware installation, consider implementing other secure communication channels so you always have a safe way to communicate.

Because nearly all stalkerware variants require physical access, restrict physical access to your device if it’s safe to do so. Adding a secure password or PIN to your device (one that no one could know but you) should be enough for this. Please note that suddenly adding a password may be seen as an indication that you’re getting suspicious, which may or may not be a concern for your particular situation.

Also, installing a security suite should catch malicious links and installations. Periodically check your phone’s settings to make sure they haven’t been changed as discussed previously. If you’re ever in doubt, take your phone to a professional or to your carrier to discuss your concerns.