Beware of Apps That Turn Mobile Phones into Spies

Posted by Kacy Zurkus

While technology offers parents a little peace of mind in letting them monitor their children’s whereabouts and online interactions, these surveillance apps are also being misused. Perhaps you’ve read about victims of spyware, or stalkerware, in which unsuspecting users are being tracked by jealous lovers, former partners or otherwise unsavory actors.

Threats from cyber-stalkers have long been a concern, but as the ability to sleuth without detection grows easier, victims of stalking need to understand how to protect themselves and their data. Toward that end, Malwarebytes has published a set of awareness blogs for domestic abuse survivors and advocates on what to do if they have stalkerware on their phones.

Thus far in 2019, Malwarebytes has analyzed more than 2,500 samples of programs that had been flagged in research algorithms as potential monitoring/tracking apps, spyware or stalkerware, according to David Ruiz, Content Writer at Malwarebytes. “We have grown our database of known stalkerware to include over 100 applications and more than 10 that are, as of October 1, still on Google Play,” Ruiz said.

Monitoring, Spying and Stalking, All in One

One question that is really important in any conversation about tracking apps is how researchers are able to discern the difference between a parent monitoring a child and a stalker spying on a victim. According to Ruiz, researchers perform deep analysis on the monitoring apps that approach the border between good and bad, and that includes parental monitoring apps.

“A good parental monitoring app will include persistent notifications to the end-users, and it will not overstep the bounds of what should and should not be monitored. Through persistent notifications, such an app cannot be used to spy in the background,” Ruiz said. The problem is that there is no one-size-fits-all standard for what is appropriate and what crosses the line. It’s subjective, but opening the door to monitoring apps can be a slippery slope.

In a recent blog post, Avira explained, “Stalkerware apps have more spying and controlling features than the parental apps. Some of these functions include phone call recording, data exfiltration, assuring persistence and reconnaissance, location history, remote microphone/ camera spying, activity monitoring, conversation eavesdropping, access to social media and storage media contents, unauthorized access, keylogger and more.”

Sometimes, a parental monitoring app does blur the line between monitoring and spying, which is why user awareness is critical. Spyware, stalkerware and tracking apps do have overlaps in their capabilities, which means “the same app can be used for several purposes—and also not so legitimately,” Avira explained.

When an app is being used inappropriately, the ability to detect it and warn users about its presence becomes increasingly important. Malwarebytes has done more than detect and alert: it has also presented information on protecting both domestic violence survivors and the advocates who are with them in the field at the National Network to End Domestic Violence’s annual Tech Summit. In addition, Malwarebytes (along with Electronic Frontier Foundation, Kaspersky, Avira, Norton LifeLock and several other organizations) is a founding member of the Coalition Against Stalkerware.

Building the Right Relationships

Regardless of how many alert notifications go out or how many apps are uninstalled, if law enforcement doesn’t take the issue of stalkerware seriously, victims may have little recourse. That’s why engaging with law enforcement is an important piece of the spyware puzzle.

“We have twice met with representatives from the Morgan Hill location for Community Solutions, presenting to domestic abuse advocates and to local law enforcement representatives, including a supervising deputy district attorney for Santa Clara, sergeant with the Santa Clara County Sheriff’s Office and a detective sergeant with the City of Gilroy’s Police Department,” Ruiz said.

Although law enforcement representatives communicated that they have a clear understanding of stalkerware and its threats, they agreed that rooting it out and finding evidence of how it has been abused is much more difficult. Ruiz said they wanted a tool that could not only detect and remove stalkerware but also show what types of information a stalkerware user wrongfully gained access to on a person’s device.

“In my own reporting, I’ve reached out to district attorney’s offices for Santa Clara, Alameda and San Francisco, San Jose’s family violence center within its police department and the FBI in San Francisco,” Ruiz said.

In that reporting, Ruiz found that authorities know about the dangers of stalkerware and take it seriously when working on cases of online harassment, cyberstalking, stalking and domestic violence. “My sampling is of course anecdotal,” he added. “When I’ve spoken with victims’ advocates in other regions, I’ve heard of individual cases in which local police do not take stalkerware use seriously, or simply do not understand the damage it can cause.”

Kacy Zurkus

Senior Content Manager, RSA Conference
