How to Detect Stalkerware Apps on Your Mobile Device and Protect Yourself From It
Put down your mobile phone for a moment. Someone might be spying on you as you are using it.
In this article, we'll explain how to detect stalkerware on both Android and iPhone devices and how to protect yourself from it.
What is Stalkerware?
In 2019, Google discovered and removed 7 stalkerware apps from its Play Store, with a combined 130,000 installations.
These apps include:
- Spy Kids Tracker
- Phone Cell Tracker
- Track Employees Check Work Phone Online Spy Free
- Spy Tracker
- Employee Work Spy
- Mobile Tracking
- SMS Tracker
Okay, so what exactly is stalkerware?
We'll use the definition by the Coalition Against Stalkerware, which says that:
Stalkerware refers to tools - software programs, apps and devices - that enable someone to secretly spy on another person's private life via their mobile device.
This means that someone can use a stalkerware app on your phone to monitor everything you do on the device, including who you send text messages to, where you go (geolocation), your web searches, voice calls, photos, and much more, all without you knowing.
So how do you detect and protect against stalkerware apps?
Warning Signs of Stalkerware
Stalkerware can be installed on your phone by your intimate partner, so it's important to know the red flags that suggest it might be installed.
The Coalition Against Stalkerware lists 10 signs of stalkerware that you should keep an eye out for:
- Mobile phone, device, or laptop goes missing and reappears.
- Strange behavior from the device operating system or application.
- Unfamiliar app or process on your device.
- Lending your device for an extended period to someone and noticing changes in settings or unknown apps you do not recognize.
- "Unknown sources" setting is enabled on Android devices.
- Unexpected battery drain.
- Presence of an app called Cydia (on iOS devices).
- Active sessions on devices you did not authorize.
- Using easy passwords that someone close to you can guess.
- Webcam permissions are on for applications you did not give permission to.
If you notice two or more of these signs, you need to start thinking about how to detect and remove stalkerware from your phone.
Here's how it's done on both Android and iOS devices:
How to Protect From Stalkerware on Android Devices?
Google will periodically remove harmful apps from its Play Store, but stalkerware developers from time to time manage to find a way to get their apps on it nevertheless.
Of course, for these apps to get on your device, someone usually needs to have access to the physical device to install them.
This is not that unlikely in a domestic abuse situation. So the first thing you need to consider is "has someone had access to my phone?"
Finding and Removing Stalkerware on Your Android
There are, of course, a few ways to check for spyware and stalkerware on your Android device, as well as remove them, so let's see what those are:
- Is your device acting strangely or working slower?
If you notice that your otherwise new Android device has started to hiccup or work slower than normal, this can be a sign that hidden apps are running in the background.
Another sign of this could be that the battery is draining quickly, that the phone is heating up, or that it is often restarting or shutting down on its own.
What you should do in this situation is go through the app list and if you notice any unfamiliar apps, remove them.
- Has someone messed with the accessibility settings?
Stalkerware apps need full access to your Android device and the data in it. That's why they can often be found under Accessibility on your phone.
To find out whether an app has access to the operating system or other data that it shouldn't, go to Settings > Smart Assistance > Accessibility and scroll down to reveal Downloaded Services. If you see any services installed here that you do not recognize, feel free to remove them, as they might be stalkerware.
- Google Play Protect is disabled
One of the ways that Google protects against harmful apps and malware is with Google Play Protect.
Unfortunately, if this option is disabled, stalkerware apps can be installed on your device, so be sure that it is on.
To check this: Open the Play Store app > click on your Profile icon > tap Play Protect and if you see a red shield, this means that Play Protect is off and harmful apps can be installed on your device.
To enable it, click on the gear icon in the top-right corner and toggle Scan apps with Play Protect on.
- Has the device admin app been installed?
Device admin apps are created as tools that allow employers to remotely monitor and manage their employees' devices as well as disable certain features and wipe data in case of data loss.
Unfortunately, they can also be used by threat actors to install stalkerware and secretly spy on you.
Normally, you shouldn't have a device admin app on your phone, so if you see something titled Device Admin, Device Health, or System Service, that's likely stalkerware.
- Scan with security tools
Although you can search your device manually for spyware and stalkerware, an easier and perhaps faster solution is to use a mobile security tool like Malwarebytes.
The only problem with this is that not all security tools will classify stalkerware as malware or a virus, as these apps can also be used for parental monitoring or by companies.
Additionally, a surveillance app might also notify its owner that it is being scanned or that the device has anti-malware and antivirus protection installed.
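The manual Android checks above (accessibility services, device admin apps, apps installed from unknown sources) can also be run read-only from a computer over adb. The script below is an added example, not part of the original article, and it assumes USB debugging is enabled on the phone. The package names and sample output are constructed, and the `dumpsys device_policy` layout it parses is an assumption that varies by Android version.

```python
import re
import subprocess

TRUSTED_INSTALLERS = {"com.android.vending"}  # Play Store; add your OEM store here
COMPONENT = r"([\w.]+)/[\w.$]+"               # package/Class component name

def audit(pm_list, a11y_setting, policy_dump):
    """Return {package: [reasons]} for third-party apps showing the red flags."""
    installers = dict(re.findall(r"package:(\S+)\s+installer=(\S+)", pm_list))
    a11y = set(re.findall(COMPONENT, a11y_setting))
    # Assumption: each admin entry sits on its own line and ends in ':'.
    admins = set(re.findall(r"^\s*" + COMPONENT + r":\s*$", policy_dump, re.M))
    findings = {}
    for pkg, installer in installers.items():
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg in admins:
            reasons.append("device admin")
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("installed from outside the store (installer=%s)" % installer)
        if reasons:
            findings[pkg] = reasons
    return findings

def adb_shell(*args):
    """Run one read-only command on the USB-connected phone and return its output."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample output (not from a real device).
SAMPLE_PM = """package:com.example.chat  installer=com.android.vending
package:com.example.systemservice  installer=null
package:org.example.notes  installer=null
"""
SAMPLE_A11Y = "com.example.systemservice/.SyncService:com.example.screenreader/.ReaderService"
SAMPLE_POLICY = """  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.systemservice/.AdminReceiver:
      uid=10234
"""

if __name__ == "__main__":
    live = audit(adb_shell("pm", "list", "packages", "-3", "-i"),
                 adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
                 adb_shell("dumpsys", "device_policy"))
    for pkg, reasons in sorted(live.items(), key=lambda kv: -len(kv[1])):
        print(pkg, "->", "; ".join(reasons))
```

An app that appears with all three reasons deserves the closest look; an app listed only as installed from outside the store may simply be one you sideloaded yourself.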
How can iPhone Users Detect Hidden Stalkerware Apps?
Since iOS makes it harder for stalkerware apps to run on iPhone, iPhone users are in a somewhat better position than their Android counterparts.
That being said, the threat of stalkerware is still not to be ignored if you have an iPhone as it is still possible to install it, especially on a jailbroken iPhone (although the stalker needs to have a little more technical knowledge to accomplish this).
According to the Citizen Lab research, "The Predator in Your Pocket":
Installing stalkerware on a targeted device often entails privileged access to it, meaning that the stalker either has physical access to the phone and knowledge of the phone's passcode (in the case of most Android-compatible and Apple-compatible stalkerware) or the targeted person's iCloud password (in the case of most Apple-compatible stalkerware).
This, unfortunately, is not that unlikely in a domestic abuse situation.
Another way to install stalkerware on someone's iPhone is with the use of Mobile Device Management (MDM) profiles. This is actually often used by some companies as employee monitoring software on devices that they issue to their employees, but it can also be used by threat actors and for partner surveillance.
How to Check for and Remove Stalkerware from Your iPhone?
So, how do you find out if there is stalkerware installed on your iPhone and remove it?
- Scan for apps that you didn't install
If you go to the Settings and scroll down, you'll see the list of all your currently installed apps on your phone. Look through it and see if there is an app there that you don't remember installing.
This could very well be your stalkerware app and it needs to go away.
- Look at the app permissions
While on the app list, you can also check individual apps (including those you did and did not install) for their permissions.
Do any of these apps have permissions that you did not grant? Make sure to remove them.
- Search for iTunes WiFi Sync
A feature on an iPhone called iTunes WiFi Sync allows someone to remotely monitor your iOS device from their desktop or laptop computer, as long as the two are on the same WiFi network.
To check for it, go to:
Settings > General > iTunes WiFi Sync.
- Check if your phone has been jailbroken
"Jailbreaking" refers to removing certain restrictions on the iPhone regarding what apps and software programs can be installed on it.
Normally, you can only install "approved" apps from the Apple App Store.
Now, technically, not all "unapproved" apps are harmful, but, of course, stalkerware and spyware definitely are, so look for apps like Sileo and Cydia.
If you want to "un-jailbreak" your iPhone, do a factory reset of the whole device or update to the latest iOS version.
- Examine the phone for MDM configuration
Go to Settings > General > Profiles & Device Management. If you see an MDM or unknown configuration profile, this likely means that your phone is being monitored by someone.
Fortunately, there should be an option to delete this by simply tapping it.
- Change your iCloud credentials
Since partners often share their online accounts, it's not uncommon to do the same with iCloud credentials. This can be problematic if you're in a domestic violence situation.
The best you can do if you don't want someone else to have access to your iCloud account is to reset your password and also use multi-factor authentication (MFA).
Finding and removing stalkerware isn't so much a problem.
The bigger problem is that the person who installed the stalkerware on your phone in the first place may find out that you have removed it.
With an abusive partner, this can, of course, lead to more domestic violence, so it is important to determine if it is safe for you to do this.
Here are some questions that you need to answer:
- If I get rid of the stalkerware app, how will my abusive partner react?
- Can I have a device password/passcode and does my partner know it? Can I change my passcode?
- Do I have anyone to ask for support and help? Do I have a way to talk to them from a non-monitored device?
- Do I need to call the police?
Stalkerware allows its owner to monitor the victim's device without the affected person knowing about it. Unfortunately, such apps are not entirely illegal as they can be used for employee and parental monitoring. Worst of all, they are often used by domestic abusers.
Hopefully, this article has explained how to find out if you have stalkerware installed and what steps you need to take to get rid of it.