How stalkerware can threaten your safety and privacy, and how to avoid it

At its best, technology can bring people together through the use of social networks, video chats, and other tools. But at its worst, technology can be used to harass, bully, and terrorize other people. One example of the latter is stalkerware, a type of app installed on someone's mobile device to eavesdrop on them. A report released Friday by Kaspersky explains how stalkerware works and how you can protect yourself against it.

Commercially available to anyone with internet access, stalkerware typically is set up on someone's mobile phone without their knowledge or permission. Once installed, the app operates in stealth mode, so the user is unaware of its presence.

As defined by Kaspersky, stalkerware can't be installed remotely through malware or other means. The culprit must have physical access to the phone. Unless the phone has been lost or stolen, that means the abuser typically knows the victim, as in the case of a spouse, significant other, or close contact.

Installing the stalkerware app usually requires only a few minutes. The phone itself must either be unlocked or unprotected by a PIN, password, or other security. However, someone who has already shared their security method with an abusive spouse or significant other has also given that person the access needed to install the intrusive app.

Depending on the type of stalkerware in place, the abuser can perform any or all of the following activities:

Based on Kaspersky's research, 53,870 users of its mobile security app were affected globally by stalkerware in 2020. Including people who don't use Kaspersky's software, the full number is certainly much higher.

Using stalkerware against women is an especially pervasive issue and can lead to violence on the part of the stalker. Seven in 10 women in Europe who experienced cyberstalking also faced at least one form of physical and/or sexual violence from an intimate partner, according to a 2017 report from the European Institute for Gender Equality. Cyberstalking itself is a form of violence as an abuser can use the surveillance to control their victim.

"We now understand that stalkerware is not purely a technical problem," Kristina Shingareva, head of external relations at Kaspersky, said in a press release. "It's not the IT part of the issue that is challenging, but the fact that we need to deal with the commercial availability of stalkerware, the lack of regulation around how it is being used and, perhaps the most difficult problem, the fact that violence against women and different forms of online abuse have been normalized."

Given the shady nature of stalkerware, the apps typically have to be downloaded from an unofficial source, such as the developer's webpage. The stalkerware family known as Nidb was the most popular stalkerware sample in 2020, according to Kaspersky. Nidb was used to sell a number of different stalkerware products such as iSpyoo, TheTruthSpy, and Copy9, the report said.

For Android, Google banned stalkerware apps from its Google Play store last year. Stalkerware tools are less frequent on iOS than on Android because of the closed nature of Apple's ecosystem. But an abuser can install such an app on a jailbroken iPhone. In other cases, an abuser could give their victim a mobile phone as a gift with the stalkerware already installed.

Stalkerware apps often skirt legal issues by pretending to be child monitoring or employee tracking tools. In the past, users would run afoul of the law only if they used such apps to record user activity without their permission. But the laws are slowly changing, at least in certain countries. In France, secretly spying on someone this way without their consent can be punished with up to one year in jail and a fine of €45,000. In the United States, one developer of a stalking app was fined $500,000, while another eluded any penalty after promising to change the app's functionality.

With stalkerware able to run on your phone without your knowledge, Kaspersky offers a few ways to tell if such an app has been installed:

Finally, here are a few ways to protect your phone against the installation of stalkerware:
