ArticlesInterviews

Stalkerware, Explained: A Chat with Eva Galperin

Eva Galperin is the Electronic Frontier Foundation’s Director of Cybersecurity, as well as a pioneer in developing initiatives to combat stalkerware. She holds degrees in Political Science and International Relations from San Francisco State University, and her work is primarily focused on providing privacy and security for vulnerable populations around the world.

We reached out to Ms. Galperin about the state of stalkerware. 

(This interview has been edited for length and clarity)

How do you define stalkerware?

Stalkerware is a class of applications and software that is sold and marketed for people to spy on loved ones, childrens, or cheating spouses via their devices (phone, laptop, etc). Stalkerware allows the stalker to see everything their victim is doing on a device without the victim ever knowing. Once the device has stalkerware on it, depending on the stalkerware, stalkers can spy on a person via their camera, microphone, see everything on the device including pictures, passwords, 2FA codes, texts.

Who uses stalkerware?

The use of stalkerware is a form or an extension of domestic abuse. A partner accessing the contents of your accounts without permission is definitely abuse and when it comes to parents and their kids, there is no reason for parents to spy on their kids and hide it on their device. If a parent wants to know, let the kids know. What’s the harm of them knowing?”

How does stalkerware work?

Stalkerware varies and hides in different ways. There’s stalkerware for devices, tablets, desktops and they hide within a victim’s phone. It doesn’t show itself up as an app icon and can even be hard to find within a device’s system files because it might use a fake name or pretend it’s a different service. After the app is installed, it quietly runs on a victim’s phone, collecting all the data it can.

Then the stalker obtains the data from the stalkerware company’s servers. They keep the data and the criminal pays for access to the data.

Who makes stalkerware?

Stalkerware is made all across the world and it’s been found in the EU, US, the Netherlands, and Israel. The stalkerware industry is quite lucrative and the apps are marketed as a form of spying and surveillance. Stalkerware companies often store all the collected data themselves so they charge a subscription fee for access to the data, making it quite a profitable business.

How prevalent is stalkerware?

Last Summer, in 2019, a security company found four different stalkerware apps floating around Google’s Play store and Google later found 4 more. Between those 8 apps, there were over 140K downloads.

But those are the stalkerware apps found on legitimate app stores. Many apps are bought outside of app stores, via external websites and directly installed on a device via an APK (this is a type of Android file that will install programs on an Android device) so it’s hard to know how many stalkerware apps are on devices.

How can you protect yourself?

It’s hard to provide any kind of blanket advice because every case is different. People have different appetites for risk and there are varying degrees of security concerns. Will there be an escalation? Is physical violence a possibility? Many domestic abuse cases that you see start small—there could be a single account compromise. Maybe you’re locked out. This could be the beginning of something more or an isolated incident. The relationship between a victim and an abuser is extremely complicated so it would be difficult to provide specific advice on a case by case basis.

To know whether there is stalkerware on your device, you can download an antivirus app. There are three security companies that made public commitments against stalkerware, Kaspersky, Lookout, and MalwareBytes. These AV apps may find the stalkerware on your device. You can also run your device at the highest privacy and with the most sensitive settings turned on to see what program, app, or file may be collecting or accessing data.

Also, make sure your accounts are secured. Use 2FA and make sure that a partner can’t get into your accounts easily if you’re suspicious that they may be surveilling you.

What organizations are tackling this issue?

There are multiple organizations that have publicly committed to fight the scourge of stalkerware such as the EFF, the Coalition Against Stalkerware (CAS) and Operation Safe Escape. These organizations have a lot of resources and provide support for victims of domestic abuse.

To learn more about stalkerware and for more resources, visit the CAS website.

Photo by NESA by Makers on Unsplash

Show More
Back to top button