Toolkit: Stalkerware

Stalkerware is surveillance software used for cyberstalking or spying, generally on spouses or intimate partners. For the purposes of this toolkit, “stalkerware” refers to both malicious software or commercial monitoring tools that have the ability to operate in “stealth mode,” meaning they are intended to hide their presence from the legitimate user. 

Note: OSE Toolkits are primarily focused on safety and security issues related to the topic. Additional resources may be found in the resources section. 

Understanding stalkerware

Is stalkerware illegal? 

It depends. In many cases, laws need to be updated or added to address this growing threat. However, stalkerware is often criminalized under existing legislation. Many states have current or pending laws to address this, which may be seen here. To date, multiple individuals using stalkerware to spy on a person have been prosecuted for crimes related to its use.

What are the privacy and safety implications of stalkerware? 

Stalkerware, by its nature, violates the privacy of victims and places their safety at risk. Stalkerware can be used to determine GPS location, access phone logs, read private messages, activate the camera and microphone, view the device calendar, and more. In cases where the stalkerware control servers are accessed by hackers, the individual’s privacy is further violated.

What are the security implications of stalkerware?

Stalkerware is, by design, unwanted and malicious software. The presence of stalkerware on a device can open up additional security holes that may be exploited by hackers.

How is stalkerware installed?

Stalkerware installers are normally purchased from an online company or developer, although in some cases apps may be misused or disguised from the authorized app store for devices. In most cases, stalkerware requires physical access to the device to be installed and security settings must be disabled or modified first. The attacker downloads the software onto the device and installs it, then configures it to make it more difficult to detect. 

How can I prevent stalkerware? 

While not an option for everyone, the best way to prevent stalkerware installation is to use a strong password or secret PIN and prevent physical access to the device. Installing antivirus software will detect and prevent malicious software from installing or running. Additionally, keeping the device operating system updated will install critical security patches.

Detecting stalkerware

The most common way to check for stalkerware is to install an antivirus solution. The following antivirus developers are among those that effectively identify stalkerware: 

Collecting evidence

It’s important to preserve digital evidence in order to give legal advocates or law enforcement the tools they need to pursue other options. Additionally, information collected by victims of stalkerware may be used in court of collected properly.

  • Take screenshots of modified settings or stalkerware apps
  • Using another phone or camera, record video and take images of the stalkerware in action
  • If possible, consider hiring an experienced digital forensic specialist to securely copy and analyze the device
Creating and completing an Evidence Chart

As a matter of best practice, evidence should be stored in at least two different types of media (for example, print, CD, thumb drive) and three different locations (hard drive, safe deposit box, secure cloud storage, email, with a trusted friend, etc). also offers Evidence Documentation Tips

Removing stalkerware

Note: removing stalkerware apps will alert the attacker that the software has been discovered. Please make sure to consider the risk prior to removing any discovered apps.

Coalition Against Stalkerware offers information for survivors

After removing stalkerware from a device, make sure to scan all other devices, change all online and device passwords, and enable two-factor authentication whenever possible.

Legal remedies 

Stalkerware may violate local laws depending on the relationship between the attacker and the victim, depending on other factors. If you detect stalkerware on your device, contact law enforcement or legal advocates using a trusted device. 

In many cases, installing stalkerware on a device can violate wiretapping statutes and constitute a felony.