How to find stalkerware on your smartphone

Privacy Please is an ongoing series that explores the ways in which privacy is being violated in modern society and what we can do about it.
Your digital window to your soul may just be a Peeping Tom.

Stalkerware is a malicious class of software that runs in the background of smartphones. It is designed to monitor your every move and then report that information back to the person who decided to spy on your most private and personal details.

Smartphones are becoming more embedded in our everyday lives and the amount of information that we knowingly or unknowingly share with them is also growing. This has been in many ways a blessing, but not only to those we are thinking of.

Eva Galperin, the Electronic Frontier Foundation's director for cybersecurity, said that "Stalkerware" is a particularly pernicious threat because it has such a large amount of information. "Stalkerware is able to track your location, record your text messages and phone calls, steal your passwords to social media accounts that you log in through your phone, and reveal your contacts, photos, and even encrypted communications.

The threat is real. Kaspersky Lab, an anti-virus company, reports that it discovered stalkerware on 58.487 mobile devices in 2018.

"Stalkerware on smartphones affects all walks of life"

Journalists and activists are often the targets of these attacks, as you might guess. But that doesn't mean the average person shouldn't be concerned. It's far from the truth.

Galperin stated that stalkerware is a common tool for domestic abuse.

She wrote that stalkerware on smartphones, like other forms of domestic abuse affects all walks of life. "I have been contacted from men being spied upon by women, men being spy on by men, women being spied upon by women. But the majority of cases I see are women whose phones are being monitored by a partner or former partner, which is often a man.

This is an extremely modern concern, but it is not new. Motherboard's excellent reporting on the subject allows one to take a short trip down the terrifying path of stalkerware. It's not a pretty sight.

This is a serious problem that has real-world consequences. There are ways to help yourself.

How to scan your phone for stalkerware

Stalkerware is designed so that it goes unnoticed by the victim. It is important to identify the program on your phone so that you can address the safety and personal violation.

How do you do this? Objective-See founder and security researcher at Jamf Patrick Wardle explained that keeping your phone locked and secure will prevent stalkerware being installed on it.

He explained via Twitter that it is generally very difficult to install stalkerware [without] physical access to a mobile device. So, step 1 is to ensure your device is protected against such threats. For example, a passcode. (That you don’t share!)

This is great advice, but it's not always easy. If you are in an abusive relationship and they install this monitoring software on your phone then that person could also request access to your device.

However, this doesn't mean that you are powerless. An anti-virus program from Kaspersky Lab can be used to scan your Android phone for stalkerware. The anti-virus program will notify you if there is a hit.

In an April press release, Alexey Firsh, a Kaspersky Lab researcher stated that users have the right to find out if such programs are installed on their devices. "Our alert will allow them to assess the risk and provide information that they can use to help do so.

"This industry is fraudulent and all those who provide these services are the worst people on the planet."

Not only Android phones are at risk; your iPhone is also a tempting target for those who want to spy on you.

Wardle explained that if stalkerware is installed on iOS, it could show up as an unknown app or a malicious profile.

Go to Settings > General > Profiles & Device Management to check for stalkerware. If the last option is not available, this means that there's no mobile device management profile installed on your iPhone. This is a good sign. Click "More details" to see the profile if you can't see it.

You should also see a "Remove Management” option in the settings.

Wardle stated, "Of course, it's worth noting that company-owned devices and BYOD devices may have MDM profiles installed. This is normal, but not concerning."

Security Researcher Ivan Rodriguez provides a detailed look at stalkerware and the different ways it can be installed on your smartphone in this blog post. You can keep your phone clean by following these tips: Keep it updated, enable 2FA in your iCloud account, and perform a complete restore if you are given a new smartphone as a gift.

He explained via Twitter how anyone can find signs of stalkerware in their phones. Although he clarified that his research is focused on iOS devices only, he said that some of the advice can be applied to Android phones.

Rodriguez stated that it is difficult to determine if an iOS device has stalkerware. "Even for security professionals, there's no easy method to search for modifications in the device. Apple also doesn't allow antivirus applications on the App Store.

He recommended paying attention to the following: "From day to day, the device's batteries don't last as well," "keyboard key's have some lag when tapping (Like a Letter's animation getting stuck),", the "device runs short of space quickly", or "the location services "arrow" is always on."

Rodriguez generally has a low opinion of stalkerware creators and distributors.

He wrote, "This industry is fucked-up," in his blog post. "And everyone providing these services to are among the worst people on the planet."

SEE ALSO: How can you tell if your boss monitors your keystrokes

You will never be digitally tracked with stalkerware, or any other invasive tech. This is a reality, however.

UPDATE: September 24, 2019, 11:33 AM PDT: This story has been updated with additional information from Patrick Wardle regarding MDM profiles.

This story was first published in September 2019, and it was updated in August 2021.