The Coalition Against Stalkerware defines as software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without that user’s consent and without explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence. Note: we do not consider the device user has given consent when apps merely require physical access to the device, unlocking the device, or logging in with the username and password in order to install the app.
Some people refer to stalkerware as ‘spouseware’ or ‘creepware’, while the term stalkerware is also sometimes used colloquially to refer to any app or program that does or is perceived to invade one’s privacy; we believe a clear and narrow definition is important given stalkerware’s use in situations of intimate partner abuse.
We also note that legitimate apps and other kinds of technology can and often do play a role in such situations.
This document is intended for the following purposes:
- To provide guidance to the IT and cybersecurity community in defining the types of application behaviors that qualifies them to be flagged as stalkerware.
- To provide guidance to antivirus products on how to handle a stalkerware detection.
- To inform interested parties such as the law enforcement community or advocacy organizations on the spectrum of stalkerware behavior.
The Coalition Against Stalkerware recommends the following criteria to be used for detecting stalkerware:
- Apps that market themselves as enabling covert spying and/or surveillance.
- Apps that are capable of tracking device users, including monitoring their behavior, viewing and/or recording their activity, and/or remotely controlling their devices without their continuous consent and/or knowledge;
- Apps that are capable of collecting and exfiltrating sensitive data of device users (e.g., location data, contacts, call/text logs, passwords, browser history, etc.) without their continuous consent and/or knowledge;
- Apps that facilitate spying and monitoring without consent. Examples of this facilitation include hiding that they are installed, making it difficult to uninstall, requiring extra privileges, hiding their activity, and/or using a different/random/blank names or descriptions on affected devices after installation.
Stalkerware is a tool used in a variety of situations and the presence of stalkerware may indicate it is being used in an abusive relationship. Because the removal of stalkerware can be detected by the person who installed it, it is important for the device owner to be given a clear choice whether to remove the stalkerware or not. Therefore, the Coalition Against Stalkerware strongly advises security vendors to:
If the security app detects the stalkerware at install time, if applicable:
- Do not allow the stalkerware to be added to any safe list
- Notify the user via a separate channel (e.g. email) about the installation of stalkerware
If the security app detects the stalkerware after install time, while the device is being used:
- Clearly notify users about the kind of threat found on the device that distinguishes it from ordinary malware or other kinds of unwanted applications;
- Give the user a clear choice whether to remove the stalkerware or not.