What Is Stalkerware?

So far there was neither an agreed standard definition for stalkerware nor detection criteria which made it particularly difficult for IT security industry to communicate around the issue. Therefore, the founding members of the Coalition Against Stalkerware took an important step of combating stalkerware and started with creating a proper definition and reaching a consensus on detection criteria. Both – the definition and detection criteria – are a basis to give the problem a name, while suggestions on improvements are still welcome.

Members of our coalition suggest the following definition for the Stalkerware: “It is software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without that user’s consent and without explicit, persistent notification to that user in order to intentionally or unintentionally facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.”

How serious is the problem?

It’s hard to say how large is the number of the stalkerware programs on the market – it may be up to a couple of hundreds. In total, in 2018 we identified 26,619 unique samples of stalkerware programs. Most detected: MobileTool, iSpyoo, Talklog, Spy Phone App, Reptilucus, etc. Among the most popular also – FlexiSpy.

According to Kaspersky, the number of users facing stalkerware rose by 35%, from 27,798 in 2018 to 37,532 in 2019. What’s more, the threat landscape for stalkerware has widened, as Kaspersky has discovered 380 variants of stalkerware in the wild in 2019 – 31% more than a year ago.

According to White Ring, in 2018 they have assisted 1019 cases of stalking which was about three percent more than the year before. White Ring also refers to the German Police Criminal Statistics documenting in 2018 almost 19.000 cases of stalking which are 500 more than the year before and is a “clear increase”. In addition, White Ring declares: “As a non-profit organization we know that technology facilitates abusers access to their victims’ private data. Rarely victims seek help because they feel ashamed. For WEISSER RING stalking is increasingly an important issue we encounter in our victim help.”

According to the European Institute for Gender Equality research report “Cyber violence against women and girls”, 2017: “7 in 10 women (70 %) who have experienced cyber stalking, have also experienced at least one form of physical or/and sexual violence from an intimate partner”. Highlighting an alarming trend of gender-based violence continuing in tech-facilitated and online abuse.

Here you will find the State of Stalkerware 2019 Report provided by Kaspersky and supported by the Coalition Against Stalkerware commenting about the relevance on the relevance to work together against stalkerware

Is it legal?

These applications are sold by legally-registered companies under various facades, such as child monitoring or employee tracking solutions. However it is known that these apps are mostly used to spy on a partner. These programs have been exposed and publicly criticized multiple times, yet in most countries their legal status remains vague. Therefore nowadays stalkerware cannot be considered as malware.


The laws are still catching up, but generally the use of stalkerware is illegal even if the sale is legal. It’s important to understand that it’s a stalker or an operator of the stalkerware that will face legal consequences if caught on spying – not a software developer. Laws vary from one country and state to another, but it’s generally illegal to use stalkerware tools and apps without the consent or of the target or some other legal authority. For example, existing laws on stalking, harassment, and wiretapping have been used to successfully prosecute stalkerware buyers.
Additionally, many states require the consent of one or both parties to a conversation if it’s going to be recorded. Stalkerware tools often violate those laws, exposing the stalker to legal liability for any recordings made without the victim’s knowledge.

These applications are sold by legally-registered companies under various facades, such as child monitoring or employee tracking solutions. However it is known that these apps are mostly used to spy on a partner. These programs have been exposed and publicly criticized multiple times, yet in most countries their legal status remains vague. Therefore nowadays stalkerware cannot be considered as malware.


The laws are still catching up, but generally the use of stalkerware is illegal even if the sale is legal. It’s important to understand that it’s a stalker or an operator of the stalkerware that will face legal consequences if caught on spying – not a software developer. Laws vary from one country and state to another, but it’s generally illegal to use stalkerware tools and apps without the consent or of the target or some other legal authority. For example, existing laws on stalking, harassment, and wiretapping have been used to successfully prosecute stalkerware buyers.
Additionally, many states require the consent of one or both parties to a conversation if it’s going to be recorded. Stalkerware tools often violate those laws, exposing the stalker to legal liability for any recordings made without the victim’s knowledge.

Detection Criteria

  • Apps that are capable of tracking affected users, monitoring affected users’ behavior, viewing and/or recording affected users’ activity, and/or remotely controlling affected devices without affected users’ continuous consent and/or knowledge;
  • Apps that facilitate spying and monitoring without consent by hiding that they are installed, hiding their activity, and/or using a different name on affected devices after installation;/li>
  • Apps  – whose core functionality involves data exfiltration in the background – that share sensitive data of affected users (e.g., location data, contacts, call/text logs, browser history, etc.) with a remote user without the explicit consent of, and persistent notification to, affected users;
  • Apps that market themselves as being for spying and/or surveillance.

Stalkerware as a gendered phenomenon

While there is a need for more research on the gendered nature of stalkerware use, the available data paints a clear picture that the main victims of technology-facilitated abuse are women, while those using the violence are mainly men.

Studies have shown that 70% of women victims of cyberstalking have also experienced physical and/or sexual violence at the hands of an intimate partner. This continues the worrying trend of gender-based violence seen in domestic abuse.

The link between intimate partner violence, gender and technology-facilitated abuse, such as the use of stalkerware, needs to find a clear echo in policies, prevention and perpetrator work, victim support, as well as in awareness-raising campaigns, trainings and research.