Akshay Bhargava serves as the Chief Product Officer at Malwarebytes. Former McKinsey consultant, Oracle Cloud Executive, FireEye Products.
The defining feature of 2020 is the global coronavirus pandemic, and a grim effect of the stay-at-home orders has been the documented increase in domestic abuse. If someone is in an abusive relationship, it can be a nightmare to be trapped with their abuser. But suppose you were in that situation and managed to get away, by moving in with a friend or relative. How scary is it to realize that your abuser might still be following you on your phone?
Even if survivors can physically get away from their abusers, they may be unable to truly escape if an abuser has installed monitoring technology on their phone. Invasive technology is increasingly finding its way into consumer-grade software. Most often in the form of apps, this technology can relay private information about a victim to an abuser without the victim’s knowledge or consent, including their location, photos, audio, browser and call history, emails and more. Awareness of these apps, known as “stalkerware,” is important to users everywhere as they are often used as a weapon against those experiencing intimate partner violence, typically installed by the abuser who has physical access to the victim’s phone. Survivors say stalkerware can put them at risk of tremendous psychological, emotional and physical harm.
Those of us in the cybersecurity industry often categorize these stalkerware-type apps under the “monitor” and “spyware” category. This means they are not immediately removed from a device upon detection as with traditional “malware,” which is a critical distinction, as doing so could put the potential victim at great risk. This type of app is on the rise as Malwarebytes alone has logged over 55,000 “monitor” detections since March 2019.
Signs Of Stalkerware
What can you, or anyone, do about it? How can you tell if you have stalkerware on your phone? That can be tricky. Some stalkerware apps are available under the guise of parental control apps, but many stalkerware apps hide on phones by mimicking the look of an innocuous app like anti-theft tools. However, there are some signs that you may have a tracking app on your phone: faster-than-usual battery drain, longer-than-usual shutdown time and longer response time, to name a few. Questions you should ask yourself: Does your phone feel warm when not in use and not charging? Are you seeing increased and unexplained data usage/internet activity? When on a call, do you hear clicking, static, echoes or distant voices? These may be signs of stalkerware.
There is no one-size-fits-all solution; that’s why when you discover an app on your device, or someone else’s, consult experts before taking action. When we find these types of apps on someone’s device, we don’t automatically remove them. After all, for the domestic abuse survivor who lives with their abuser, the sudden removal of a stalkerware-type app might anger the abuser, only worsening the survivor’s situation.
If you don’t have stalkerware on your phone, you can take preventative measures to help keep it off. By creating a six-digit passcode or using a biometric phone lock, you can lessen the chances someone is able to install these apps in the first place, but keep in mind, biometrics may not be as effective when a survivor is living with their abuser. You can also install antivirus software to protect yourself from other threats beyond stalkerware and be careful when clicking on links unless they are from trusted sources.
Thankfully, there is a network of resources, advocacy groups and shelters that can provide support for survivors of domestic abuse and stalking. In an emergency, call 911. While not all law enforcement agencies are trained equally on the dangers of digital abuse, they are a resource for victims in addition to organizations like the National Domestic Violence Hotline and the National Network to End Domestic Violence. These nonprofit groups support survivors through a variety of channels: from a safe, noninfected phone, victims can call 1-800-799-SAFE; for legal questions, survivors can visit the website for the WomensLaw Email Hotline or download the free app DocuSAFE, which helps survivors collect, store and share evidence of stalking and other abuse.
Those of us in cybersecurity are working to identify and detect programs that can do harm. As part of an effort to share resources and unite vendors and nonprofits to help fight against these harmful applications, the Coalition Against Stalkerware was formed in 2019, enabling collaborative work between software developers, security firms, nonprofits and survivors to eliminate this abusive technology and software. As technologists today, we must consider victimization/perpetration factors when engaged in anti-abuse testing or stress testing products and solutions. Each member of the Coalition Against Stalkerware is committed to fighting domestic violence, stalking and harassment by addressing the use of stalkerware and raising awareness about this issue. We invite large technology companies that service this space to help in the fight against stalkerware by visiting stopstalkerware.org.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?