
鈥淐atch cheating spouses鈥 the website for California-based HelloSpy, a smartphone app, says. There is a photo of a woman with a bruised face and a man grabbing her arm. Infidelity is easier these days because of online social networks and mobile phones, the page claims. But the 鈥済ood news鈥 is that technology can reveal infidelity too, it says.
On the site for another app, FlexiSpy, I seek help from a customer support agent. During a web chat, I say, 鈥淚 think my wife is cheating.鈥 The agent, whether human or bot, immediately asks whether I have physical access to her phone so I can install the app.
Neither HelloSpy nor FlexiSpy responded to a request for comment on these marketing practices. The sale of such apps is permitted in both the US and UK, but these disturbing examples demonstrate how the software easily slips into a legal grey area.
Advertisement
鈥淎ccessing the contents of someone鈥檚 phone now is accessing their life. We are very concerned about this鈥
The software itself is perfectly legal. For example, an employer might tell an employee that their work phone will be loaded with software that records everything they do. The employee鈥檚 consent may be explicitly granted in that case.
However, software can also be installed surreptitiously on someone鈥檚 device to snoop on their messages and phone calls. The use of such 鈥渟talkerware鈥 seems to be on the rise. 鈥淎ccessing the contents of someone鈥檚 phone now is accessing their life,鈥 says Lucy Purdon at campaign group Privacy International. 鈥淲e are very concerned about this.鈥
Once installed, stalkerware can be set up so as to be practically invisible to the phone鈥檚 owner. It might be used, for example, to monitor their location and movements using GPS. It can provide access to any text messages or pictures they send, or record everything they type. In some cases, stalkerware can even switch on the device鈥檚 microphone to eavesdrop on private conversations.
Purdon and her colleagues have examined apps that market themselves as helpful tools that allow parents to keep an eye on their kids. In reality, they offer unbridled access to children鈥檚 phones. 鈥淭hese tools go way beyond checking your child鈥檚 location,鈥 she says.
Employers, parents and snooping partners have emerged as the three main target audiences for spy apps.
An found that, in the first eight months of 2019, more than 37,500 of its customers encountered spyware or stalkerware at least once 鈥 a 35 per cent rise on the same period in 2018. 鈥淲e鈥檙e seeing a marked increase,鈥 says David Emm, .
Another security firm, Avast, in July. All have since been removed as Google prohibits such apps.
Spy in your pocket
Many notorious stalkerware apps are built for Android, but there are variants that can be installed on iPhones running iOS as well. , Google software engineer Ivan Rodriguez described how stalkers can get around some of the security protections built into iOS and spy on the phone鈥檚 owner anyway.
But a crackdown is afoot. The US Federal Trade Commission (FTC) has just taken legal action against a Florida-based firm called Retina-X, which developed spyware apps called MobileSpy, PhoneSheriff and TeenShield. Among other things, the FTC said the company was , a practice it said was 鈥渦nfair鈥 since it put people at risk of being monitored illegally.
Despite this, stalkerware can still slip through legal loopholes. Neither the UK nor the US explicitly outlaw this software. Rather it is how it is used 鈥 for example to harass people or access their data without consent 鈥 that may fall foul of legislation.
There is a lack of international coordination over how to deal with the misuse of spy apps, says Christopher Parsons at the University of Toronto. He and his colleagues published an on the rise of stalkerware earlier this year.
Parsons says law enforcement agencies in different countries could collaborate to shut down firms that market their products for purposes that are abusive.
One issue is that this marketing can be covert. Parsons and his colleagues found that one London-based firm, mSpy, didn鈥檛 explicitly refer to spousal snooping on its website. Instead, web code concealed references to such spying as a means of attracting search traffic on the subject. mSpy didn鈥檛 respond to a request for comment.
Tactics like this can mean that some stalkerware apps only come to the attention of law enforcement when their targets report them 鈥 something Parsons says shouldn鈥檛 be necessary.
鈥淲omen are suffering incredibly serious harms because of this and they don鈥檛 have to,鈥 he says. 鈥淕overnments could solve this if they chose to.鈥
People who install stalkerware on their partners鈥 devices aren鈥檛 just invading their privacy. Emm says that because such apps often ask the installer to deactivate security protections, the target is left open to other cyberthreats such as malware.
鈥淪ome victims fear that their partners will use the information to blackmail or shame them鈥
Stalkerware providers themselves can also be targeted. In 2017, Retina-X was who was allegedly able to retrieve photos and data from the company鈥檚 servers of people being stalked. That such data was left vulnerable in this way was another reason the FTC decided to take action against the firm.
But it is perhaps the psychological impact of having your phone completely compromised by a romantic partner that is most insidious. Christina Dardis at Towson University in Maryland , including cases where stalkers turn to technology to spy on or harass their target, broadly known as cyberstalking.
Stressful situation
Such behaviour can cause post-traumatic stress disorder or depression, she says, as well as prompting worries of further abuses. 鈥淪ome victims fear that their partners will use the information they obtain from their surveillance to blackmail or shame them,鈥 says Dardis. Cyberstalking is also correlated with other forms of harassment, including physical stalking and sexual violence, she says.
Stalkerware is really a symptom of a deeper problem. 鈥淭here鈥檚 kind of an assumption with technology misuse that if you remove the technology you stop the abuse,鈥 says Erica Olsen at the US National Network to End Domestic Violence.
In reality, these apps clearly fulfil a disturbing demand. One review on FlexiSpy鈥檚 website, apparently left by a customer, says they purchased the software to keep tabs on their wife. Seeing her calls, photos and locations was 鈥渧ery helpful鈥 the reviewer says, before adding: 鈥淚鈥檒l be recommending this to anyone that needs to know.鈥
How to protect yourself
You might think that scanning your phone to detect stalkerware is a good idea. But be careful. Besides the fact that antivirus programs don鈥檛 always catch spy apps, a stalker could be alerted to your attempts to take protective actions and confront you.
鈥淪ome of these applications have the ability to see every web聽page that you go to,鈥 says Christopher Parsons, co-author of聽a聽report looking at stalkerware. He recommends instead that people seek out advice directly from a domestic abuse charity or similar organisation if they think they are being targeted.
If you are confident that your聽device hasn鈥檛 already been compromised, David Emm of security firm Kaspersky suggests the best thing to do is lock down your phone. Not allowing your partner to know the passcode for your phone, which is ideally at least six digits long, is a good start. Then make sure that you have antivirus software installed and that your online accounts are protected with strong passwords.
Yet taking precautions against loved ones doesn鈥檛 come naturally, says Emm: 鈥淏y definition, none of聽us is as unguarded as we are with a partner.鈥
- Affected by domestic violence? UK : 0808 2000 247; US : 1-800-799-7233; In Australia, : 1800 737 732. Search online for local alternatives.