Stalking via SmartphoneHow security researchers are working to expose stalkerware on your phone

Stalkerware is software designed to run on your smartphone, keep tabs on everything you do and report it back to whoever decided to spy on the intimate details of your life. This is a crime in most countries, but the apps are hard to find. Security researchers are working to change that.

Illustrationen von zwei Menschen am Esstisch, neben ihnen ihre Telefone
Das Smartphone ist immer dabei – und damit auch die Überwachung. Szene aus einem Video der Coalition Against Stalkerware. – Alle Rechte vorbehalten Coalition Against Stalkerwae

This article deals with gender-specific violence. We would like to remind you that the browser history can be monitored and tracked on your devices – including this story. If you suspect that you are being monitored and need help, please contact an organization close to you. Further information and a list of resources can be found on the website of the Coalition Against Stalkerware.

Sometimes technology, even the cheap kind, can become a weapon. Stalkerware is proof of this. The apps are easy to find on the internet, cost only a few euros per month and are perfect for monitoring another person around the clock. Where was she? Who was she exchanging messages with? What websites did she visit and what passwords were used? The app turns the mobile phone into a bug that relays everything you entrusted to it – even encrypted chats can be read. A tool for total surveillance.

Stalkerware becomes a major problem in connection with domestic violence. But people looking to detect and uninstall such programs on their smartphone are looking at a difficult task. Most apps are quite good at hiding their presence. They don’t show up on the display at all, or if they do, then only under unsuspicious aliases such as „Wifi Check“.

On the trail of the spy software

The programs still leave traces though. Security researcher Etienne Maynier, also known online as Tek, has taken the trouble to follow these traces and document them. In an archive on GitHub, he has published a number of clues that reveal the presence of some of the most common spyware programs for Android devices.

The archive contains a list of web domains that the apps regularly contact. Stalkerware apps always forward the stolen information to a server, where it can be easily viewed by the stalker. Maynier also lists the names of the various package files and the associated hash values, a kind of digital fingerprint that can be used to check whether two files are identical. Antivirus programs use this to search for malware on phones.

Maynier lives in Berlin and works in his day job for Amnesty International, where he analyses the digital surveillance of human rights activists. He deals with stalkerware in his spare time, he tells netzpolitik.org on the phone. In France, where he is from, he is currently trying to start an organization with a circle of feminist activists, which supports women’s shelters and advice centres with tools and knowledge. It’s called ECHAP, like the escape key on French keyboards.

The problem is violence

By publishing the data traces, Maynier wants to bring other security researchers on board. The data should make it easier for them to find stalkerware on devices or to delve deeper into the subject matter, says Maynier. His list is anything but complete, he stresses. So far it contains around 50 programs, including notorious apps such as mSpy, HelloSpy or FlexiSpy. They are the ones whose code he has been able to get his hands on, mostly by downloading them via a hidden link. He did not want to buy the apps – for ethical reasons.

At the same time, Maynier is aware of the limits of his technological approach. „What I have published can be useful,“ he says, but it doesn’t get to the root of the problem. „The problem is not stalkerware, the problem is violence against women and violence in partnerships. And until we solve that, we won’t be able to do much with technology.“

He said it is an occupational hazard of his industry that everybody wants to work on new and cool problems. Stalkerware is one of those areas that arouses the hunting instinct. But he is afraid that security researchers will lose sight of the true problem.

Kidnapped accounts

For the reality of spying in a partnership is often much more mundane. You don’t have to be a hacker to read the mails or chats of a partner. Especially for people who are close it is often much easier to guess a password or to force it from the other person as a proof of trust. Researchers report that it is often a mixture of stalkerware and such kidnapped accounts, that are used to monitor and terrorize victims. However, there is little applause for resetting account passwords. „Everybody wants to work on stalkerware,“ Maynier says, „but it would probably be more important to help victims reset their GMail passwords.“

The focus on stalkerware may also obscure the view, he fears, on all the other apps and functions that come pre-installed on every phone and can also easily be abused for illegal stalking – from Google Maps to the various „Find My Phone“ features.

Android as the „Wild West“ of stalkerware

Maynier’s toolbox only lists apps for the Android operating system. Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, calls the „ecosystem“ of Android the „Wild West“ of stalkerware. There are examples of individual apps slipping through the mesh of Apple’s ITunes store and the Google Play Store and being officially available for download there – even though they violate the rules. Usually these packages end up on a smartphone via detour though. Galperin reports this at a briefing organized by German think tank Stiftung Neue Verantwortung.

Older Android phones are particularly susceptible, says Galperin. „This worries me, because it means security is for rich people.“ A luxury for those being able to afford an IPhone or a Pixel. What about the rest?

Galperin started a worldwide initiative last year, the Coaltion Against Stalkerware. Organizations from Germany such as Weißer Ring or the Bundesverband Frauenberatungsstellen (bff) are also involved.

She does not want to spend her time hunting down the suppliers, says Galperin. The vendors often hide behind straw companies and in „legally unresponsive“ states. „I want to make it harder for her to do her job.“

Uncovering the apps instead of chasing companies

That is why the focus of Galperin’s initiative is primarily on detection. The goal: anti-virus programs should detect stalkerware just as reliably as other malware. Vendors could then continue to sell the apps. Perpetrators could still buy and install them – but the apps would be useless, they could no longer hide. The market would go down the drain.

Maynier’s toolbox with telltale traces can also help, because security researchers can use them as a starting point to bring the apps to light. But no matter how good the technical solutions are in the end, they won’t solve the problem as long as gender-specific violence is not the focus, Maynier warns. In other words: the people affected are often in a violent relationship, stalking is part of the violence and in itself violence. The biggest challenge: „Everything you do can endanger those affected – even finding and removing the apps“. Researchers like Galperin and Maynier know this, that’s why they work with experts for gender-based violence.

2 Ergänzungen

  1. ich arbeite selbst im Security Umfeld und bei allen drei mir persönlich bekannten Fällen waren es Frauen die Ihre Partner überwacht haben.
    Wieso ist dieser Artikel gender-spezifisch?

    1. Yes, people of all genders are victims of stalking. However: when there is physical violence involved, it is mostly directed towards women. The wording in the article is reflective of that. See for instance the Coalition Against Stalkerware:

      „While there is a need for more research on the gendered nature of stalkerware use, the available data paints a clear picture that the main victims of technology-facilitated abuse are women, while those using the violence are mainly men.

      Studies have shown that 70% of women victims of cyberstalking have also experienced physical and/or sexual violence at the hands of an intimate partner. This continues the worrying trend of gender-based violence seen in domestic abuse.“

Dieser Artikel ist älter als ein Jahr, daher sind die Ergänzungen geschlossen.