X

Stalkerware: What to do if you're the target

These apps put people in danger.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
6 min read
cnet-stalkerware-story-1-illustration-1600x900-v2-1

Stalkerware can turn phones into all-seeing surveillance tools.

Brett Pearce/CNET

This article discusses domestic violence. CNET would like to remind readers that browsing histories, including this story, can be monitored and are impossible to completely clear. If you need help, please call the National Domestic Violence Hotline at 1-800-799-7233.

Things got weird at the end of Allie's relationship with her boyfriend. One night, he seemed to know where she'd been when she was out without him, and another night he started talking about something she'd recently read on her personal computer at home, where she lived alone. 

At the beginning of their relationship, he said he had cyberstalked a past girlfriend, but he assured her that those days were behind him. Now Allie, who asked to use a pseudonym out of concern for her safety, wondered if her soon-to-be-ex boyfriend was spying on her.

"I thought I was going nuts because I was pretty sure I hadn't shared that information," said Allie, who ditched her laptop and phone rather than find out what software her ex might have installed on them. "In hindsight, it was subtle intimidation."

The paranoia that Allie felt is becoming a sadly common experience. It's jaw-droppingly easy for someone to buy and install intrusive apps, known as stalkerware, on someone else's device. The apps are plentiful, according to antivirus software firms that track their prevalence. A recent Harris poll conducted with antivirus firm NortonLifeLock found that one in 10 people admit to using stalkerware to track a partner or ex-partner. The apps are so simple that some people on TikTok have posted 60-second tutorials on how to use them.

The software works on computers but has become especially powerful to use on phones, turning the gadgets into all-seeing surveillance devices that reveal location data as well as emails, web browsing histories and more. Stalkerware on smartphones can lead domestic abusers to partners who may be in hiding. The apps give heightened control to abusers whose partners haven't left, making escape harder to manage. Stalkerware apps have been tied to horrible acts of violence.

There can be legitimate reasons to use tracking apps, such as monitoring children's phones, or monitoring employees (with their consent). However, the distinction between these apps and what's often called stalkerware is blurry. Many apps bill themselves as legitimate monitoring apps but can offer staggering amounts of information from targets' phones and can operate completely undetected. The reality is that these apps get abused by people who spy on adults without their consent, according to law enforcement officials and to domestic-violence and legal experts. 

You might at some point worry you have stalkerware on your phone or laptop. It isn't easy to decide what to do about it, domestic-violence experts say, because your partner or ex might become more dangerous if you delete the software on your device. But there are steps you can take to learn more about the software and whether it's on your device.

What is stalkerware?

Stalkerware refers to a broad group of apps that someone else can install on your device to intercept texts and phone calls, access your location, log your web browsing activity and turn on your camera or microphone. The information gathered by such an app typically gets sent to a portal or companion app accessed by the person who installed the stalkerware. 

Watch this: How to find and delete stalkerware

The apps can be installed on all kinds of phones, though it's a bit more complex to get stalkerware working on iPhones. The person installing stalkerware typically has to get physical access to the user's phone to install an app. A big exception to this is if the person installing stalkerware has the target's iCloud credentials, allowing them to access backups of the other person's phone.

Is stalkerware illegal?

Surreptitious spying on your devices without your consent is illegal. So is stalking. Additionally, the apps usually violate the policies for apps sold on stores run by Google and Apple, and they're frequently taken down from those stores.

People still install them on other people's phones, though, finding the apps for sale on the app makers' websites instead of an app store, and at times undermining the foundational security of a target's phone by jailbreaking it. The apps are often sold as child or employee monitoring services, but they're ripe for abuse because they can run undetected on a device, say law enforcement officials and domestic-violence experts.

There have been prosecutions of people who used stalkerware, but they're uncommon. 

How do I know if my phone has stalkerware?

That can be hard. The software often disguises itself, either by displaying an innocuous icon (like a battery monitor), or by not displaying an icon at all, says Kevin Roundy, technical director at the NortonLifeLock research group.

While researching stalkerware apps, Roundy identified other categories of apps that often work in concert with the intrusive software. One of these is an app-hiding app, which can remove the icon of a stalkerware app from your screen.

Even if an app's icon is hidden on your phone, it should show up in your settings as an item in the list of applications running on your device. The app still probably won't have a label that immediately identifies it as stalkerware, Roundy says, so look for any app you don't recognize. You can look up any unusual looking apps online on another device to see if you can find more information about them.

An additional step is using antivirus software on your phone, if you use an Android device. (There isn't any antivirus software available for iPhones.) Antivirus software from Kaspersky, Malwarebytes and NortonLifeLock all scan for the software and warn users if they find known stalkerware apps.

You can also take your device to a local police department. Resources and training vary from place to place, so it's not guaranteed that someone will be able to help you. Still, some departments have officers who specialize in domestic violence and have training in scanning devices for software, and they may be able to assist.

Should I delete stalkerware?

Deleting the app is an option to consider, but you should make the decision carefully. Deleting stalkerware apps might put you in even more danger if it prompts your partner or ex to engage in even scarier behavior.

Erica Olsen, who directs the safety net project at the National Network to End Domestic Violence, says deleting the app sends a message to the person who installed it: I know you did this, and now you don't have control over my device anymore. The loss of control, and the fear that they might be held accountable for installing stalkerware, can lead some people to "escalate the violence, or change stealth stalking to an assault," Olsen said.

These concerns are why multiple antivirus companies don't automatically delete stalkerware from their users' phones. 

"The decision has to be theirs," Tara Hairston, Kaspersky's head of government relations for North America, said of targets of stalkerware, "because there is unfortunately that risk."

How to delete, destroy or replace

You may decide any risk is worth deleting the app. In that case, there are a few routes you can take.

First, you can cut off the app's access to things like your camera and microphone, and then delete it from your phone. This process can vary, and guides for deleting specific apps exist online, sometimes even on the app-makers' websites. Deletion is the least disruptive route you can take, but it can leave you with lingering questions of whether there's anything left on your phone that can spy on you.

If you still aren't comfortable that your device is secure, you can do a factory reset. This restores your phone to the state you'd find it when it was fresh out of the box. You'll be signed out of all your accounts, and all the extra apps installed on your phone after purchase will be gone. Before you do a factory reset, it's important to back up any photos or files that you don't already have saved somewhere else.

Lastly, you can get a new device. This is a tough piece of advice for anyone to hear, especially if your finances are tight or your partner controls your spending. Still, that's what Allie says she decided to do. 

She didn't know if she'd be able to get rid of whatever software might be on her phone or computer, and she didn't think she'd be able to learn more than her former partner knew about hacking. She stopped using her devices and got new ones.

"I just wanted this guy out of my life," she said.