Skip to main content
  1. Home
  2. Mobile
  3. Features

Stalkerware: The invisible threat faced by domestic abuse victims

Halley Bondy
By
Chris DeGraw/Digital Trends

Note: This story contains descriptions of digital abuse and references to domestic violence.

Early in her marriage, Samantha noticed that her husband would disappear into the bathroom for a long time. When he came out, he’d be angry with her.

Recommended Videos

“Later on, I found he was reading my text messages,” Samantha told Digital Trends. “They were forwarded to his phone.” 

His behavior escalated, according to Samantha. In addition to violent behavior, he attempted to hack into her relatives’ bank accounts. She left him in 2015, but the abuse didn’t end. He registered a car under her name, and he seemed to know whenever — and wherever — she made a purchase or walked outside.

“I was living four states away from him, and somehow as I would be leaving, he would show up,” Samantha told Digital Trends. She declined to give her last name because her husband is still attempting to monitor her digital life.

Phone Stalker
SpeedKingz/Shutterstock

“It would seem crazy and paranoid to think someone is tracking you like this. People don’t think these kinds of things are possible. It makes you question your sanity  Since the abuser could no longer physically control or punish me, this was his way of inflicting pain,” she added.

It was only two years ago, after being continuously terrorized, that Samantha discovered the full extent of her abuser’s monitoring — thanks to the help of domestic abuse specialists and tech labs that scanned her phone. She believes he hacked at least five of her devices with stalkerware over the course of their relationship.

“Stalkerware” is a catchall term for apps that secretly monitor a victim’s communications, location, photos, password keystrokes, and more.

Domestic abuse has increased dramatically since COVID-19 forced couples into lockdown. However, the use of stalkerware has decreased during the pandemic, according to cybersecurity company Kaspersky. 

“Right now, the victim and abuser are always together,” said Kaspersky Lab’s research development team lead Victor Chebyshev. “There is no need to monitor activity if they are in the same place.” 

Chebyshev fully expects that the use of stalkerware will spike again once more people cease sheltering in place.

“It makes no difference if there is a quarantine, social distancing, or any other crisis situation, as we are continuously on guard without any moment of pause,” he said.

Cybersecurity firm Avast, however, detected an increase of stalkerware use during lockdown. The discrepancy may demonstrate how little of a grasp we have on these numbers.

“It remains to be seen how the numbers of detected stalkerware will look like at the end of the year, as this will show us a clearer picture,” said Chebyshev.

Stalkerware’s disturbing history

Westend61/Getty Images

Stalkerware has been around for more than a decade, though it has historically fallen under the “spyware” umbrella until recently. Using these apps as a domestic abuse tactic is still a relatively new topic among tech companies and lawmakers, though not due to a lack of prevalence.

Use of stalkerware spiked globally in the past two years, according to Kaspersky, which found that 35 percent more people worldwide had encountered the apps in 2019 than in 2018. These numbers are likely low since they are based on reports by users who managed to scan and locate the stalkerware on their devices.

A February poll conducted by Harris and NortonLifeLock found that 10 percent of Americans have used an app to monitor their ex- or current partner’s calls, messages, emails, and photos without the partner’s knowledge or permission.

“We’ve seen a huge increase, we believe, for two reasons,” said Chebyshev. “One, because we’ve improved our detection, and two, because developers who create stalkerware started to fight against our detection.”

“It was quite shocking as well to see how bad the problem is”

 

Last year, competing security companies like Norton Lifelock, Kaspersky, Malwarebytes and others banded together to fight the uptick of stalkerware through the Coalition Against Stalkerware. 

“It was quite shocking as well to see how bad the problem is,” said Chebyshev, “[COVID-19] provides some time to focus on activities that we are doing together with the Coalition Against Stalkerware in order to increase general awareness about the problem. … Nonetheless, we think that the fight to protect all users against stalkerware will still be there for a while, unfortunately.”

Detected Spaware apps chart
Avast

Meanwhile, nonprofits and domestic violence organizations are scrambling to help survivors deal with the invisible problem while they’re in confinement. In a groundbreaking program in New York, Cornell Tech’s Clinic to End Tech Abuse teamed up with NYC Family Justice Centers as part of the New York City Mayor’s Office to End Domestic and Gender-Based Violence (ENDGBV) to scan and wipe survivors’ phones. The service is remote during COVID-19, with tech specialists making appointments in specific boroughs. 

“There’s a lot of gaslighting going on with this abuse,” said Jenise Jenkins, director of operations for the NYC Family Justice Centers. “An abuser says ‘You don’t know what you’re talking about.’ It is hugely beneficial for our clients to know and be assured that they were not making this up. They’re hearing confirmation from a professional. Plus, once they know it’s just an app, they can do something about it.”

Cornell Tech has developed an open source antivirus technology called ISDi, which survivors don’t have to install, thereby evading the abuser’s detection. While stalkerware has decreased during COVID overall, Cornell Tech is anecdotally reporting the same number of concerned survivors.

“I thought there would be a drop-off, but we’re busier than ever,” said Diana Freed, doctoral fellow and Ph.D. researcher at Cornell Tech. 

Recovering from stalkerware

security engineer worker his job
Image used with permission by copyright holder

One size does not fit all when it comes to action plans for survivors. Samantha is currently living at a private address. One of her devices is still hacked — her abuser doesn’t know that she knows he has access to it. She only gives him harmless information. This way, she can control him, rather than vice versa. She is seeking a divorce, but has not gone to the police. 

“It’s very difficult to prove, especially when there’s a spouse and you shared a phone plan. Gaslighting and mental warfare, which are nontangible, are difficult to explain to non-trauma informed people,” said Samantha. “Also, if he finds out I know, he might change everything.”  

Stalkerware presents a legal puzzle. It is generally legal to develop the technology that underlies many apps used as stalkerware. Users can be brought up on charges like stalking or fraud if they deploy the technology for illegal purposes. However, it is difficult to prosecute; the technology is shadowy and survivors are often unwilling to share their actively monitored devices with forensic police teams. Almost half of domestic abuse cases go unreported.

“Accessing someones’ device can be violating all sorts of computer privacy laws,” said Erica Olsen, director of the Safety Net program at the National Network to End Domestic Violence. “But there are so few options for finding it, proving it, and getting rid of it. Survivors are usually forced to do a factory reset or get a new phone, which means that the evidence is not preserved.”

No easy solution

Man sitting on rail as people walk by
Westend61 / Getty Images

The U.S. has a huge stalkerware problem, but the nation is ahead of the curve when it comes to fighting it. In October, the Federal Trade Commission brought allegations against three stalkerware companies after they enabled users to engage in illegal monitoring activities on their platforms. Globally, the case is only the second of its kind: In 2014, a U.S. court successfully shut down a Pakistan-based stalkerware app.

Most stalkerware can be downloaded from stand-alone websites or through Google Play for Android phones — though Google has launched initiatives to filter out these apps. The search giant announced last week that it would ban ads for stalkerware apps — specifically ones “that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.”

Android devices are also susceptible because they are open source and have a diverse ecosystem; several versions of the Android operating system are available simultaneously, making security updates erratic. Stalkerware is less common on Apple devices, since the App Store is strict about development and submission. 

Any abuser can upload stalkerware, whether or not they have a tech background.

It’s impossible to detect many stalkerware apps without a targeted stalkerware scan, and that kind of scanning tech is still in its infancy. These apps are typically buried deep in a victim’s phone system — usually under innocuous file names like “WiFi Check,” meaning victims usually don’t notice them on their own.

Any abuser can upload stalkerware, whether or not they have a tech background.

“It’s pretty simple. You just have to Google the steps,” said Jenkins. “It happens more frequently than the layperson would think. With domestic violence survivors, they’re already dealing with so much that it just compounds their worry and concern for their safety and for their children.” 

Once the information reaches the apps, the victims’ problems may only get worse, according to Chebyshev. Many stalkerware apps upload victims’ information onto insecure servers. Hackers can easily retrieve the information, and the app can use it for its own data and marketing purposes since there is no privacy agreement with the victims.

Freed said that anyone who is suspicious of activity on their phone should use reputable antiviral software that detects stalkerware — not just adware. Kaspersky, MalwareBytes, Avira, McAfee, and Avast all reportedly target stalkerware with success. In addition to its anti-stalkerware technology, CETA also provides step-by-step instructions on disconnecting from abusive partners, from removing saved passwords to enhancing Facebook security. 

Samantha said she has more than one device, and she uses them all for different purposes in order to throw off her abuser. One device is for educational software for her son, for example. Another is for trusted friends and family. She is extremely careful about giving out her information to anyone.  

“I deserve to live a normal life. If this is how I have to do it, that’s what I’m going to do,” she said. 

If you or someone you know is experiencing domestic abuse or stalking, contact the National Domestic Violence Hotline at 1-800-799-7233.

 

Topics
Halley Bondy
Halley Bondy
Halley Bondy a professional freelance writer, journalist, editor, producer, and mom based in Brooklyn. You can find her…
The 6 best tablets for kids in 2024
Fire HD 6 Kids Edition

Tablets, which cater to a wide range of purposes, are also excellent devices for children. Younger kids will be able to access educational and entertainment apps with a tactile experience because of the devices' touchscreens. while older kids can use them for their schoolwork and recreational activities. However, not all tablets in the market are designed for children, so to help you decide what to buy, we've rounded up the best tablets for kids of all ages.

There are no limitations to the learning and creativity of children, and a tablet will help them develop their knowledge and skills like no other gadget can. While it's still necessary for parents to guide their kids in maximizing the use of their tablets, it can't be denied that the device has the potential to be a useful tool for your children as they grow up. Buying them one of our recommended tablets below will make sure that they get an appropriate device for their age, as we took into consideration several factors that prioritize your kid's well-being above all else.
The best tablets for kids in 2024

Read more
Visible’s affordable 5G plans just got even cheaper
The Visible logo on a smartphone.

Visible has a new offer that can help you save significant money when switching to its service. Both Visible and Visible+ packages are now available for purchase upfront on an annual basis. These new annual plans are available for new Visible customers starting today, while existing customers will gain access to them this May.

With this new deal, the Visible+ plan costs $395 per year when paid upfront instead of $540 when paid in 12 monthly installments of $45 each. This means you can save $145, which is 26%. That's an incredible savings. When paying upfront for the regular Visible plan, it will cost $275 per year, saving you $25. If you pay for it monthly, the standard Visible plan costs $25 per month (or $300 per year).

Read more
iPhone SE 4: news, rumored price, release date, and more
The Apple iPhone SE (2022) and Apple iPhone SE (2020) together.

While the spotlight always seems to be on Apple’s mainline iPhones, the iPhone SE is a great pick for those who are on a budget. If you want an iPhone that doesn't break the bank, the SE is the way to go.

The original iPhone SE came out in 2016, and then Apple revamped it in 2020 and 2022 by giving it some more modern hardware. The iPhone SE tends to get updated every two or so years rather than annually like the traditional iPhone. This means  that we should see a new iPhone SE 4 this year, but it’s not so cut-and-dried with this particular model.

Read more