InfoSec Blog - Stalkerware

Stalkerware

May 17, 2019

The information security field has a rich repertoire of words to describe all manner of software, exploits, vulnerabilities, and threats. One new term I came across recently is “stalkerware”. Now, stalking in all forms is a crime in Canada. Stalkerware is software (usually an app) which silently tracks a phone owner’s movements, app usage, phone calls, and other activities and sends this information to the stalker. Not only is the use of software like this criminal, not to mention unsavoury and creepy by nature, but the fact that a stalker deliberately adds it to a victim’s phone creates a significant premeditation component.

 

To a victim, the fact that a person they trusted (usually) installed a stalking app on the phone can be disconcerting, shocking, and trauma-inducing. The invasion of privacy and the violation they can experience are real, and can be very damaging. That is why stalking, including using spyware or stalkerware, is a crime. In addition, and this drew my attention, these apps have a very poor track record of keeping the logs and private information secure. There have been numerous reports of breaches.

 

What can you do when you discover or suspect that stalkerware is installed on your phone, and how can you avoid falling victim?

  • Attend to your physical safety by contacting the police, and other appropriate support. Remember, the person responsible has consciously committed a crime against you.

  • Have a technical resource (the police can likely point you to one) check the phone and remove the stalkerware.

  • Do NOT lend your phone to someone you do not trust 100%, keep it in sight when you have to share your phone, and check it carefully after anyone else has had unsupervised access to it.

  • Have a strong passcode on your phone, and do not share it with anyone.

 

Finally, what about parents monitoring their underage children’s use of phones, tablets, and the like? First, have open communication with them. Second, if you feel you must monitor, use a more transparent, mainstream solution. Third, consider that it takes little effort or money for a savvy youth to circumvent any monitoring solution.

 


Written by: Gerrit Bos (IT Security Officer, CCS Information Security)