We think of our phones as private, but a form of background software could just break that feeling of security, as stalkerware rises across the country.
Our phones are often seen as a bit of a safe space, but the wrong piece of software can soil those expectations all too easily. A few years ago when a nasty piece of software first started appearing on mobiles, that was the feeling there, too.
Back in 2021, the idea of stalkerware joined other malicious forms of security software, such as ransomware, malware, and others. The idea was simple enough, but destructive in its capability.
As the name implies, stalkerware sits in the background of a device and lurks, tracking logging what that device is doing and sending that information to someone else. It could be simply letting someone snoop on your text messages, or it could be far more nefarious, tracking positions and letting someone eavesdrop.
Stalkerware can be destructive in its capabilities, and it is unfortunately also on the rise. Avast has discovered recently that the risk of stalkerware is up 183 percent in Australia thanks to data gathered over a three year period, covering apps detected and blocked on devices over that time.
“The growth we’re seeing in stalkerware is a huge concern,” said Jakub Vavra, Threat Operations Analyst for Avast.
“Stalkerware is often installed secretly on mobile phones by abusive spouses, ex-partners, so-called friends or concerned parents, and has the capacity to inflict serious physical and psychological harm on those affected. This is not only about stealing personal data, there are also tangible implications concerning the safety of the individual targeted,” he said.
Where is stalkerware primarily found
While the rise of stalkerware is serious, the availability of the apps is focused primarily on Windows and Android, with Avast noting that some of these apps are marketed as monitoring tools for kids or seniors, though also uses the idea of spying on spouses and partners as part of promotional material.
But while Android may well see some of the bigger amounts of stalkerware apps, they do exist on iOS for the iPhone, as well.
“iOS offers more user protections and makes it more difficult for stalkers to infiltrate and monitor a victim’s device,” said Vavra.
“The stalkerware often requires access to the victim’s iCloud account and relies on data extraction from iCloud rather than direct monitoring,” he said, adding that “contacts, call logs, SMS, photos, and location tend to be targeted the most.”
How stalkerware is installed
Interestingly, you can’t typically get stalkerware simply by landing on a website or having the app installed remotely, it seems. Avast confirmed that in most cases “stalkerware is installed by obtaining physical access to an unlocked device”, meaning someone needs to get your phone and know your code.
While keeping a phone protected and out of reach from others is an important point from this, so too is having a passcode no one else can guess. This will mean skipping on the obvious PIN of your birthdate or numberplate, as these can be easy to guess.
Improving and bolstering your PIN is also important if you’re using fingerprint or facial security, too, as phones will automatically default back to a PIN or passcode when biometric security runs out of attempts. For instance, if you’re using an iPhone and run out of tries to login using Touch ID or Face ID, iOS will request your phone’s passcode instead. If that’s easy to guess, your phone will be easy to break into, as well.
That could be a problem if someone takes your phone that you don’t approve of, particularly if stalkerware grows in numbers the way Avast expects it to.
“The growth we’re seeing in stalkerware is a huge concern,” said Vavra to Pickr.
“In Australia between the start of 2020 and the end of 2022, the prevalence of stalkerware has increased by 183%. It is also a global problem, growing 239% in the same period,” he said. “This growth in invasive monitoring is concerning because of the perpetrate stalking, harassment, and violence this category of malware allows.”
How to stay on guard against stalkerware
Clearly, protecting your phone from this sort of app is important, and that may mean following some simple tips.
For starters, make sure your phone’s PIN or passcode is easy for you to remember, but difficult for someone to guess. Forget about your birthdate — that’s an obvious one — and instead think of a different sequence of numbers and/or letters that means something to you, but no one else.
The longer and more complicated it is, the better it will be.
Once you have that, don’t mention it to anyone else. It’s your phone and your data, so treat your phone’s code like your ATM PIN: don’t give it out, because the access it offers is critical to your life.