Stalkerware detection, removal and prevention
What is stalkerware?
Stalkerware refers to tools – software programs, apps and devices – that let another person, often a partner or family member, secretly monitor and record information about a person’s phone activity.
Stalkerware can be a tool used by an abuser to further track, monitor, stalk and harass survivors or victims. The use of stalkerware doesn’t require any particular technical skills and the abuser doesn’t have to be a “skilled hacker” to use it to spy on your activities; it can be easily bought and installed. Most stalkerware is installed on mobile phones, but there are also versions for desktops, laptops (including Macbooks) and tablets.
Stalkerware is one form of technology-facilitated abuse and is often part of a wider pattern of abuse, including other aspects of technology-facilitated abuse. This is important to keep in mind: if someone is secretly tracking your online activities, stalkerware may not be involved at all. You can read about other forms of tech-facilitated abuse beyond stalkerware on NNEDV’s webpage here (in English). If you are concerned about stalkerware or tracking of your online activities, and it is safe to do so, you should consult a survivor assistance program or law enforcement agency to help you identify what is happening.
Sometimes stalkerware is also called spyware. Spyware is the umbrella term for commercially available stalkerware, but it also includes tools used by governments and criminals to spy on selected individuals and organisations. This latter class of spyware is not available to the average person and is not covered by this website.
How do I know I have stalkerware on my device?
Though “unusual behaviour” of a device (such as a rapidly draining battery, spikes in data usages, unexplained increases in weekly Screen Time reports and strange notifications) may be a sign of stalkerware, it doesn’t have it be and some stalkerware runs without any such side-effects.
It is thus important to trust your instincts: the most common sign that your activity is being monitored will be because of the abuser’s changes in behavior. For example, they may know too much about your phone activities without another explanation.
It may be helpful to keep a log of what you are experiencing. This can help detect patterns and show the history of what has been happening if you choose to report to law enforcement or seek out help from a survivor assistance program.
Good antivirus products should be able to largely detect stalkerware; if you don’t already have such an app, you could download a free app from many of the coalition’s partners and run a scan on your device. While it is a good idea to keep the app installed in case it detects future stalkerware, if you don’t feel comfortable with the app, you can uninstall it after the scan.
The Clinic to End Tech Abuse (CETA) has a guide as a pdf (in English) that helps you check an Android device for apps that are hidden and/or installed outside the official app store; stalkerware is typically installed in such a way.
Some iPhone and iPad stalkerware works by acquiring data from backups of your device stored in iCloud. If your device is configured to backup to iCloud, but you have not enabled this yourself then someone may have done this with malicious intent. To check this, go to the Settings app and tap your name. Then scroll down and tap on your device to see if “iCloud Backup” is enabled.
How do I remove stalkerware from my device?
Before trying to remove stalkerware from your device, it is important to note four things:
- If you experience digital stalking, it may be through some other means than stalkerware. This section only refers to removing stalkerware. For more details, please read the previous sections of this page. As you remove possible stalkerware, it is important to block these other ways too. CETA has a page with resources (in English) that include a short and a long checklist to help you disconnect from an (ex-)partner. Removing stalkerware or other monitoring detection and/or making significant changes may be detected by the abuser and could increase the abuse and harassment. Only attempt to remove stalkerware if you believe it is safe to do so.
- We recommend creating a safety plan. A safety plan is a personalized plan to keep an individual safe. Each plan is unique to the specific situation of that person. The plans are dynamic and flexible and should be developed using a safer device and with the assistance of a trusted survivor assistance program from one of the organisations listed later on this page.
- Deleting stalkerware means also deleting evidence related to this. If you wish to report the incident, you may need to seek help from law enforcement, as this evidence could be helpful.
- Once removed, it is possible that an abuser re-installs stalkerware. The next section has some tips on how to prevent stalkerware from being installed on your device.
The best way to get rid of stalkerware is to buy a new phone. While for many this may be expensive or unsafe, there are a few programs to provide abuse survivors with phones and it may be worth asking professionals that are supporting you about such programs in your country. Please see the resources page for local providers that can help you with this.
Almost as effective is to perform a factory reset on the phone. While not technically difficult to perform, you may want to ask the help of a trusted friend or cell-phone service provider if you feel uncomfortable with technology, especially to ensure important data, such as contacts or photos, is backed up safely before performing a factory reset. When re-installing apps on your device, make sure you only install the apps you actually need and use.
Antivirus software, discussed in the previous section, can also remove stalkerware from your device when it is detected.
You may also be able to manually remove stalkerware using CETA’s guide (pdf in English) on finding hidden and side-loaded apps on Android devices.
How do I prevent stalkerware from being installed on my device?
Stalkerware usually requires someone to have physical access to your device and to be able to unlock it. It is thus important to make sure your device is set to lock quickly (ideally after 30 seconds of inactivity) when not in use. This of course also prevents someone from reading private messages by simply opening the phone. The National Network to End Domestic Violence has here a guide with 12 tips on cell phone safety and privacy (in English).
You can choose to unlock your device with a PIN code, a password or, on some devices, using a fingerprint or facial recognition. Make sure a PIN code or password aren’t easily guessable. The National Network to End Domestic Violence has a video (in English) you can watch on how to put a passcode on your device.
Be mindful about who you share your device with, in particular to someone you suspect may want to monitor your activities through stalkerware. However, it is important to note that this may not be a safe option if your abuser requires you to share your device with them. If you know or suspect a potential abuser has had access to your device, follow the guidance above about how to detect stalkerware.
To prevent someone having access to important personal accounts, such as email and social media, it is important to protect them with a strong and unique password and to use two-factor authentication where applicable.
The National Network to End Domestic Violence has a Survivor Toolkit (in English), dedicated to helping survivors understand technology misuse and providing safety planning tips and strategies.
Also CETA has various guides (in English) on how to secure your accounts. They also have a guide as a pdf on using password managers, which help you manage multiple unique and strong passwords.
Where can I find help if I suspect stalkerware on my phone?
Check our resources page for a list of organizations that may help you. Depending on your location, many organizations may have different legal responsibilities in making reports to law enforcement or child protective services if you share information about your abuse, or if your children have been abused.
Find direct support if you experience or suspect stalking
If you or someone you know is concerned about potential spying, monitoring, or stalking, trust your instincts and find a safe way to learn about your local resources and options. Please note that if you think someone may be monitoring your device, that person would be able to see any searches for help or resources. If you’re concerned about this, use another device – one that the person has not had physical access to – when reaching out for information or assistance. If you are in immediate danger, contact your local authorities.
Coalition Against Stalkerware calls on Apple to mitigate abuse of WiFi Sync
UK cybersecurity firm Certo, a partner of the Coalition Against ...Read more
Stalkerware maker fined in the US and required to notify victims
The Coalition Against Stalkerware is very happy with the news th...Read more
TechCrunch builds spyware look-up tool for Android devices
Zack Whittaker, Security Editor at TechCrunch, today announced t...Read more