Stalkerware is a thing, and you should know how to find it on your device
What is stalkerware:
Stalkerware is a term used for applications that are sold, usually by legally registered companies, to monitor children or track employees. The term “stalkerware” was coined because of how widely these apps are used to monitor an intimate partner’s or spouse’s activity without their consent. These apps are designed to run undetected, track or record user behavior and activity, and may remotely control devices without the user’s consent or knowledge. They exfiltrate data such as location, contacts, call and text logs, and browser history, take screenshots, and even record phone calls. Some location-sharing apps are expected, for instance the Find My function on Apple phones, which geographically locates devices and people. This differs from stalkerware because it is a native application where the user is in control of who they share their location with. Stalkerware apps are especially insidious because the companies that design and sell them fail to protect all the data that is collected, opening the victims to double damage: not only do they have no privacy, but much of their personally identifying information ends up for sale on the Dark Web as well, leaving them open to attacks.
Monitoring from Work
Are you working from home on company-owned devices? If so, your employer is well within their rights to monitor employees on workplace devices as long as their monitoring rationale is backed up by valid reasoning. You can safely assume that some measure of monitoring occurs, for instance of internet usage, file and document downloads, active and idle time, and keystrokes. While it may seem attractive for employers to surveil employees to see that they are staying on track and that trade secrets are protected, improper monitoring or lack of disclosure can cause significant employee problems and legal liabilities that vary by state. Before employers deploy these technologies, we recommend coordinating with IT departments along with HR and legal to minimize legal risk and maintain healthy employee relationships.
How is stalkerware installed?
If you are an iPhone user, you are more protected: Apple goes to extraordinary lengths through its app agreements to protect the privacy of users. If your Apple device is “jailbroken,” meaning any app can be installed without passing the rigors of Apple’s security protocols, you are open to spying apps. Android devices have a greater opportunity to have surveillance apps installed, though such apps are technically not allowed to be for sale on the Play Store.
Stalkerware is all about access: if someone besides you has physical access to your computer or phone AND has your password to get into your phone, or (very bad) has access to the Apple ID and password for Apple phones, you are vulnerable to having stalkerware installed. Using a passphrase and multifactor authentication for your iCloud or Google account to protect you from unwanted logins can help alert you to logins; however, many of the stalkerware apps manage the settings to quiet notifications and turn off multifactor authentication. If anyone gifts you a device or phone, consider doing a full restore.
Some Clues Your Phone or Device is Compromised
- Reduced battery life
- Keyboard lag when typing, like a letter is stuck
- Phone gets hot to the touch even when you are not using it
- Shut down or start-up times are longer than usual
- Unusually high data usage
- Sudden pop-ups
What to do:
- Check your apps list: see anything you don’t recognize? You may not see an icon on your phone, but the name may show up in the main app list. Stalkerware is not always easy to recognize; for instance, one app can be found as “System Update Service,” not the actual name of the app.
- For Apple devices (iOS) it may also show up as a malicious profile. To check, go to Settings > General > Profiles & Device Management. If you don’t see the last option, it means there’s not a mobile device management profile installed on your phone (good news). If you do see it, investigate what the profile is by clicking “More Details.” There should be a “Remove Management” option in the settings also. If you find something, it could also be a Mobile Device Management program if your device is owned by your employer, or you use your personal device for work purposes.
- For iOS, open iCloud Drive, click on your username and then iCloud settings and Sign Out of All Browsers.
- Erase and reset your device to remove stalkerware, after you back up your data.
Check your Computer
Computer-based spy programs contain keystroke loggers that monitor the things you type. Third-party security applications like Bitdefender or AVG can be used to spot spyware and stalkerware. On a Windows machine, open up Task Manager, and on an Apple machine check out Activity Monitor, to see everything that is running. Do you recognize the apps? Since stalkerware will masquerade as a system app or use a false name, be vigilant. Are there a few apps using a lot of disk space? Run a web search for any applications that you are not familiar with.
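The Task Manager review described above can be partly automated. The following is an added example, not part of the original article: it reads a process list exported as CSV and flags programs that use a Windows system process name but run from the wrong folder, plus programs running from user-writable folders. The sample rows, the user name "sam" and "updatehelper.exe" are constructed, and the export command in the comment is an assumption about how you collect the list.

```python
import csv
import io
from pathlib import PureWindowsPath

# Well-known Windows system processes and the folders they normally run from.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
# Folders any user can write to; programs here deserve a web search.
USER_WRITABLE_PARTS = {"appdata", "temp", "downloads"}

# Constructed sample. Assumed to come from PowerShell:
#   Get-CimInstance Win32_Process | Select-Object Name,ExecutablePath |
#     Export-Csv procs.csv -NoTypeInformation
SAMPLE_CSV = r'''"Name","ExecutablePath"
"svchost.exe","C:\Windows\System32\svchost.exe"
"svchost.exe","C:\Users\sam\AppData\Roaming\svchost.exe"
"explorer.exe","C:\Windows\explorer.exe"
"updatehelper.exe","C:\Users\sam\AppData\Local\Temp\updatehelper.exe"
"notepad.exe","C:\Windows\System32\notepad.exe"
"lsass.exe",""
'''

def review_processes(csv_text):
    """Return (name, path, reason) tuples for processes worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Name"].strip().lower()
        path = (row["ExecutablePath"] or "").strip()
        if not path:
            continue  # protected system processes often expose no path
        folder = PureWindowsPath(path.lower()).parent
        if name in EXPECTED_DIRS:
            if str(folder) not in EXPECTED_DIRS[name]:
                findings.append((name, path, "system name, unexpected folder"))
        elif USER_WRITABLE_PARTS & set(folder.parts):
            findings.append((name, path, "runs from user-writable folder"))
    return findings

if __name__ == "__main__":
    for name, path, reason in review_processes(SAMPLE_CSV):
        print(f"{name:20} {reason:32} {path}")
```

A flagged entry is a prompt to look the program up, not proof of stalkerware: many legitimate per-user applications also run from AppData.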
If you are using a computer supplied by your employer and feel there is an issue, discuss this with IT support. If your personal machine has given you clues that stalkerware may be present, make sure you are using a well-known antivirus and your subscriptions and updates are current.