Protecting against stalkerware and exposure of private images

Illustration of a computer screen with a hand typing, exploring options to defend against stalking. Options on the screen include name alert, block and report a problem. A glass of water is on the left side of the computer and a plant is on the right. Illustration by Laura Ibáñez López.

Author

Rohini Lakshané
Published on: 5 November 2024

Search for “How to spy on my spouse” on the internet (or replace “spouse” with “lover”, “girlfriend”, or “boyfriend”) and it reveals a disturbing reality. There are scores of results for persons who suspect their partners of infidelity, or are frustrated and heart-broken over an unexpected or messy break-up, or facing separation, divorce, or a child custody battle. The results demonstrate what happens when the surveillance economy meets abusive intimate partners. There is a variety of advice including suggestions to hire a private detective who provides information and evidence of the target’s activities, to install tiny spy cameras in the places where the target expects privacy, or to stalk them via their laptop or phone.

Imagine a scenario where someone convinces their partner to install a 'safety app’ to know their location in case of emergencies. The app is supposed to pick up and convey the device’s location only when its user triggers an SOS alert, which it sends to their emergency contact(s), in this case, the partner. Such location tracking can sound as if it comes from a place of concern. Yet, in reality and frequently unbeknownst to the partner, the app also allows constant monitoring of their movements. Such an app is an example of stalkerware, a term for a set of tools -- software programs, apps or devices1 -- that enables secret surveillance, often used by employers, abusive intimate partners or exes. The term “spouseware” is sometimes used to refer specifically to stalkerware deployed by spouses.

Stalkerware in disguise

Stalkerware can masquerade as legitimate and useful software. To quote another example, two schools in Philadelphia installed the LANrev TheftTrack program on the laptops it issued to students. A feature in the programme meant to track stolen or misplaced laptops allowed administrators to remotely and clandestinely switch on the laptop’s camera. In 2010, it was discovered that some students were photographed without their knowledge on laptops that were not reported as missing or stolen. Some of the photos allegedly showed them nude or partially nude in their homes. 

Some stalkerware are programmed to automatically hide themselves when installed on devices. They lack an icon and mimic legitimate processes in the phone’s software to evade detection.

Kaspersky’s annual The State of The Stalkerware report identifies the top 10 stalkerware apps in the world in terms of the number of affected users: TrackView, Reptilic, SpyPhone, MobileTracker, Cerberus, Wspy, Unisafe, Mspy, MonitorMinor, and KeyLog. While the number of affected users in the 2023 report ranges from approximately 800 to 4,000, the actual incidence of stalkerware apps is likely to be higher.

The invasiveness of stalkerware

Installing stalkerware typically requires physical access to the target's device, but the technical know-how needed is minimal. Alarmingly, a plethora of commercially available apps marketed for parental control or employee monitoring can be easily repurposed for stalking, making them a tool of abuse, coercion and harassment. Take for instance, KidsGuard Pro, sold by its developer ClevGuard as a parental control app. It offers a range of functionalities, including allowing the stalker to remotely:

  • View call history, texts (even deleted ones), and record phone calls 
  • Take screenshots and a video recording of the screen
  • Activate the camera and microphone to capture photos, videos and audio of the surroundings
  • Track GPS location and view location history
  • Read messages on instant messaging and social media apps
  • View browsing history
  • Access photos, videos, documents, calendars and other files

All of this happens without the target's knowledge. This level of detail makes the stalker privy to every aspect of the target's life. The stalker can view, for example, a doctor's appointment on the calendar, a copy of an ID stored in the files, a credit card statement revealing a security purchase such as a video phone for the door, chats with a new match on a dating app (and thus the prospect of a new partner), or a recording of a phone call the target made to a friend describing the stalker’s domestic abuse. ClevGuard indeed lists it among the “best spy apps” to “determine if your spouse is cheating.”

Intimate partner abuse is seldom restricted to either the online or the offline realm; it is pervasive. If an intimate partner is using stalkerware, chances are high that the person being surveilled is already experiencing abuse, violence, coercive control, or harassment in the relationship or even after the relationship has ended. The detailed information it gathers allows the stalker to know when and where their target is likely to be vulnerable, or even impede their attempts to escape or seek help. This can lead to further abuse, a threat to the target’s safety, and may overall exacerbate the situation.

How stalkerware leads to image-based abuse

One of the potential threats of stalkerware is image-based abuse. Colloquially called “revenge porn”, image-based abuse occurs when someone captures, creates, publishes, distributes or threatens to distribute the nude or sexually explicit images or videos of another person without their consent. Such images and videos are called “non-consensual intimate images” (NCII). These are modes via which stalkerware may lead to image-based abuse:

Remote capture: Stalkerware can be used to remotely switch on the phone’s camera and microphone to clandestinely shoot photos and videos when the target is nude or in a sexual act. The stalker may distribute or threaten to distribute this content.

Exploiting existing images: The stalker can also access nude selfies and sexually explicit videos that are already stored on the device, giving them ammunition for future threats or distribution.

Accidental leaks: Even if the stalker does not intend to share the images, leaks can happen due to, say, lost or stolen phones, compromised media-storage accounts in the cloud, or email hacking.

Once put into circulation on the internet, the images are extremely hard to remove completely. Those removed from one location on the internet may reappear elsewhere. This is known as downstream distribution.

Image-based abuse has a devastating impact on all aspects of the lives of victim-survivors who face public humiliation, stigma, social boycott, job loss, abandonment by family, and mental and physical health issues, and many more ramifications. Some consider suicide. (For more information about the impact on victim-survivors, the modes of capture, access, and distribution of images and videos, and remedies, refer to the paper, Non-consensual intimate imagery: an overview.) 

The stalker or anyone else who comes to be in possession of these images may resort to “sextortion”. They may extort money from the target, or demand more sexual imagery or favours in return for not distributing the images on the internet or not sending the images to specific persons known to the victims. 

The stalker may also use the images to intimidate or manipulate the target. A former lover may demand getting back in the relationship. A separated spouse may lay down coercive conditions in divorce, alimony or child custody proceedings.

Data insecurity

The security of stalkerware is concerning. Several investigations conducted by researchers and journalists over the years (see herehere, and here) have found that various stalkerware leaked data and suffered data breaches at the hands of unethical hackers, affecting hundreds of thousands of their users and the targets the users were surveilling.

Leaked data often ends up on the public internet (and the dark web), and may contain the NCII of the targets along with their personally-identifying information such as names, locations, and social media profiles. It is thus a gold mine for cybercriminals. It puts the victims at the risk of several kinds of harm including image-based abuse, identity theft, and extortion. The images and information obtained from the leaked dumps on the internet can be reposted elsewhere. Extortion and defamation websites such as the now-defunct IsAnyoneUp display intimate images with personal information and demand money for their removal, which is an act of sextortion.

The problem with the security of stalkerware is three-fold: 

  • Stalkerware companies prioritise profit over the security of their software and sensitive data. This lack of responsibility is unsurprising. Companies that profit from interpersonal trust issues and unethical (and potentially illegal) surveillance are unlikely to invest in robust security measures. As Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, puts it, “The people who run these companies are perhaps not the most scrupulous or really concerned about the quality of their product.”
  • Stalkerware is an attractive target for malicious hackers because of the volume and sensitive nature of the data it collects and holds, and its relatively lax security measures. 
  • As long as the stalkerware exists on the internet, data leaked to harmful entities is a constant threat to the stalkerware’s targets, putting them at further risk of cybercrime and exploitation.

Addressing image-based abuse via stalkerware

The cheapest and simplest safeguard against the surreptitious capture of photos and videos via stalkerware and other kinds of spyware is to use removable stickers that physically cover the camera lens. These go by the names “camera covers”, “privacy stickers” etc. It is advisable to either switch off the phone or keep it away (inside a backpack or a similar enclosed space), during intimate acts and sensitive conversations because stalkerware may record the events in its surroundings. Some more strategies and resources for victim-survivors are stated in the previously mentioned paper.

Cleaning up sensitive data and protecting it with encryption helps. However, some kinds of stalkerware can access the contents of even encrypted messaging apps and file storage.

Detecting and removing stalkerware

Note: Searching for stalkerware, removing or disabling it may alert the stalker and may potentially cause the abuse to escalate. Please use your discretion while following the suggestions in this article, and have a safety plan. It is advisable to seek specialised support for this, using a device and a connection that the stalker does not use and is not likely to surveil.

The Coalition Against Stalkerware offers a wealth of information about stalkerware, getting help, and resources for survivors through StopStalkerware.org. This includes information about local support groups in some parts of the world. 

The DeStalk campaign offers information and resources for survivors and those supporting them, and a free e-learning course on cyberviolence and stalkerware. It is located in Europe, so the advice and resources are mostly Europe-centric. 

Anti-malware software such as those developed by Kaspersky and MalwareBytes flags the stalkerware it finds on a device. These software are available for a variety of operating systems and types of devices. A precaution is to avoid malicious apps posing as well-known software for enhancing security and privacy. Malicious software (called “malware”) can masquerade as anti-malware. For information about identifying fake apps and software, refer to this and this article. 

Kaspersky has also developed a free tool called TinyCheck, which allows users to discreetly check whether spyware is installed on their devices. However, using it may require some degree of technical knowledge. This article provides more information about TinyCheck, how to use it, and stalkerware in the context of intimate partner abuse. 

TechCrunch offers this spyware lookup tool and instructions to check whether an Android device was compromised by TheTruthSpy stalkware app or other apps in its cluster. These apps belong to a network of commercially available stalkerware. 

The Safety Net project offers a guide for checking devices for rooting and jailbreaking as a part of a larger toolkit for victim-survivors of violence. Rooting and jailbreaking enables abusive partners to compromise the security of devices in many ways, making them more vulnerable to stalkerware and other threats.

In terms of preventive measures, 

  • Be cautious about app downloads: Only install apps from trusted sources.
  • Keep software updated: Regularly update your operating system, apps and security software.
  • Be mindful of public Wi-Fi: Avoid accessing sensitive information on unsecured networks.

Recommended viewing: The Myths and Realities of Stalkerware video by Safety Net Project.

The next part in this series explores countermeasures for popular techniques used by stalkers that involve commonly used apps, features and online services.  
_______

1 Definition adapted from the Coalition Against Stalkerware https://stopstalkerware.org/   
 

Rohini Lakshané is an interdisciplinary researcher, technologist and Wikimedian. https://about.me/rohini  
Illustration by Laura Ibáñez López. https://cargocollective.com/pakitalouter