Spotlight on Security: Digital Stalking Roundup
Digital stalking uses specialized malware, called stalkerware, to gain access to functions of a smartphone, tablet, or PC. The software allows the stalker to listen to and record phone calls, view stored photos and files, activate the camera, read all types of message, log keystrokes and track the victim’s location via the device GPS functionality. Stalkerware thus spies on every action. However, it is most probably not something that you have accidentally installed yourself, but is secretly installed on your device by someone who has access to this. Therefore, as a victim of digital stalking, it will probably only become noticeable when the perpetrator misuses private knowledge for their own purposes.
Most stalkerware is downloaded from unofficial sources outside the major app stores, as the latter try to screen out malware in advance. Some companies even provide instructions on how to install their apps without the device owner’s knowledge. But you should not even try them, because stalking – following and spying on a person – are prosecuted under criminal law in many countries.
Since assaults on women, domestic violence and physical stalking are reaching frightening proportions, digital stalking as a precursor to acts of violence is also the focus of European violence protection programs. Here, for example, the EU’s “Gender Equality Strategy 2020-2025”, pursues the same goals as the Istanbul Convention CETS No. 210 and will decide on any EU-wide guidelines on gender-specific digital stalking by the end of 2021.
Contributing to this decision will be the expertise of the Coalition Against Stalkerware, established in 2019, in which the close collaboration of violence protection centers and cybersecurity experts will be used to create psychologically appropriate awareness campaigns, share perpetrator profiles and prevalence of stalkerware, and promote digital protection through antivirus software (AV products).
The first major legal success in the fight against this crime finally came when the stalkerware company SpyFone was officially banned by the US Federal Trade Commission (FTC), the only federal agency with both consumer protection and competition jurisdiction in broad sectors of the economy. In this case, the entrepreneur was told to delete all data, inform survivors and was forbidden to ever work in the surveillance industry again.
Digital protection against digital stalking has been widely and vigorously supported since 2019. With regard to the detection rates reached in our last test, the tested versions of the antivirus apps showed a high degree of protection, but the test also make clear that the developers of stalkerware are fighting very actively against being detected.
After our informative conversation with representatives of this coalition, we measured the detection rate of 20 stalkerware apps for Android by 10 antivirus apps. 7 out of 10 products detected between 80% and 100% of the testcases, while two apps scored 70%. The remaining product reached a 50% detection rate in this AV test, which might be because it is a very well-known brand, and stalkerware developers thus try hard to evade it.
At the same time, as with all malware, it must always be warned that developers are constantly modifying it to avoid detection by AV products. Also, when dealing with detected malware, it is best to seek advice from your local helpline and experts before uninstalling it, as the perpetrator will notice the uninstallation and may react violently.
An international contact point that can provide professional instructions, helplines and support, and lists of partner organisations, can be found at the following address: https://stopstalkerware.org