Today, more than five billion people have at least one smartphone and use the device for just about everything – from work and leisure to monitoring employees and the person with whom they live. For these last two cases, there are applications created for surveillance and the use of private data without consent: they are called stalkerwares. Below, you will learn how they act and how to protect themselves from them.
Both spyware and stalkerware refer to applications that, running in the background, monitor the user’s activity on an electronic device, remotely sending the collected data. The difference between the two is how they are installed: the first is done without the direct action of the spy; it is enough for the user to click on a link to download a program or a file, while the second needs to be installed directly on the cell phone or computer of the person to be watched.
Due to social isolation measures as a way to stop the covid-19 pandemic, the year 2020 saw the number of detected stalkerwares explode (a mixture of the words in English stalkerstalker and software, program).
Also known as spouseware (a pun with spouse, which means both husband and wife in English), it is theoretically aimed at parents, but it has also become a useful tool for jealous partners, obsessive rejected lovers and bosses who harass employees.
Last year, major stores banned these applications – but the measure, unfortunately, proved innocuous. Google, for example, has started to require that those offered at its store and that send the collected data to another device should now include a “proper consent or notice”, in addition to showing a “persistent notification” that the user’s actions are being tracked.
The loophole found by developers is precisely in the application of this Play Store rule: it concerns only applications that track adults – those intended for parents have not been affected by the new rules and will be able to continue to operate without any notice or request for consent being shown to the user (in this case, the children).
For the developer to stay in the store, it was enough for the specifications of the stalkerware to go from “adult” to “children” (and can be used to monitor both the children and the guardian with whom they live, for making it possible to connect the microphone and camera of the device remotely).
Even though they are no longer offered in the app stores, they can be found on the developers’ own website. The most popular are those developed for Android and iOS, but there are also desktop versions (much less popular). On smartphones, the wanton is complete.
It is possible to see from WhatsApp conversations (which, even with end-to-end encryption, have all your messages transmitted via screenshots) to the photos taken, passing through geographic location, connected phone numbers, accessed websites and much more.
How they work
One of the ways that this type of application is not detected is that it runs in the background in the operating system, that is, it is not possible for the user to see that it is open and working – but, like any program, it needs to consume energy to work and therefore, even if it is very well camouflaged, it still leaves some clues that indicate its presence.
Signs of a stalkerware
- Your cell phone battery starts to last much less than normal, for no apparent reason;
- There are applications or operations in progress that you are unaware of;
- On iOS devices, the presence of an application called Cydia (an open source software that allows the installation of apps downloaded outside the Apple Store);
- Active sessions from Google and Facebook on devices and times you don’t recognize;
- Webcam permissions are enabled for applications for which you have not granted permission;
- On Android phones (under “Settings”), permission to download software “Unknown sources” is enabled (the factory default is “Disabled”).
Getting rid of surveillance
Stalkerwares can be difficult to find and remove. Major digital security companies, such as Kaspersky, Avast and Malwarebytes, offer solutions. But it is important to know: when you delete the app, whoever installed it will instantly know.
If you were unable to find the stalkerware or get rid of it, you will need to make two radical decisions: reset your device to factory settings or even buy a new phone.
But if your smartphone is free of the malicious application, protect your device: use difficult passwords, configure biometrics, two-step access verification and PIN code lock.