The scourge of stalkerware—malicious apps used by perpetrators of domestic violence to secretly spy on their victims—is not going unchallenged or unaddressed.
Antivirus makers are increasingly adding stalkerware to the list of apps their products detect on devices; victim support groups help people figure out whether their devices are infected and how to remove the apps; app stores are banning the software and pulling any advertising for it, and law enforcement is investigating and arresting stalkerware makers and their customers.
Now, in a welcome step to make it easier for people to detect a family of stalkerware apps investigated by researcher Zack Whittaker, online tech news site TechCrunch has launched a free spyware lookup tool that allows people to check if their Android device is on a leaked list of compromised devices. These apps can be covertly loaded onto devices or laptops, allowing perpetrators to monitor in real time users’ private messages, voicemails, internet browsing, passwords, and location data, all without their knowledge or consent.
Using a device other than the one that might be infected, users can enter certain identification numbers—IMEI or unique advertising ID numbers, both of which can be found on your phone—of the device suspected of having stalkerware into the tool, which will compare the numbers to a leaked list of devices compromised by this family of stalkerware apps. The list is made up of hundreds of thousands of Android devices infected by any one of a network of nine spyware apps prior to April.
The tool will tell users if their device identification numbers match, likely match, or don’t match the devices on the TechCrunch list. Users may then check the suspected phone for signs that a malicious stalkerware app is present—TechCrunch has a guide for finding evidence that your phone was compromised. The Clinic to End Tech Abuse (CETA), part of Cornell Tech, also has a guide. Once found, stalkerware apps can be removed from users’ devices.
Users whose phones are found to be compromised should put together a safety plan before removing stalkerware from their phones—removing the spyware likely triggers an alert to the person who planted it, which can create an unsafe situation. The Coalition Against Stalkerware has for victims of stalkerware.
The tool is the result TechCrunch investigation earlier this year revealing that at least nine consumer-grade stalkerware apps, part of a massive, mostly-hidden stalkerware operation, shared a common security flaw that is exposing the personal data of hundreds of thousands of Android device users.
The investigation found victims in virtually every country, with large groups in the U.S., Europe, Brazil, Indonesia, and India. TechCrunch contacted the company that appeared to be behind the operation to warn them about the security flaw, and received no answer. TechCrunch decided not to reveal the flaw for fear that it would be exploited, exposing even more data.
A break came June when a source provided TechCrunch with a cache of files dumped from the internal servers of one of the spying apps. The files included a list of every Android device that was compromised by any of the nine spyware apps. The list didn’t contain enough information for TechCrunch to identify or notify each device owner. But, after verifying the authenticity of the list, TechCrunch used the list to create the tool.
The tool isn’t perfect—if users’ phones were infected with stalkerware after April, it won’t be on the list the tool uses. It will only tell users if their phones were infected with this class of stalkerware before April. The group is made of nine specific apps—if your device is infected with a stalkerware app other than those nine, the tool won’t have any matches.
Stalkerware is always adapting and changing, so survivors of domestic abuse and others for whom stalkerware is a concern face an ever-shifting threat landscape. TechCrunch’s research and newly-launched tool may help to provide peace of mind to a significant number of Android users. We hope that researchers continue to monitor the stalkerware ecosystem and raise the cost and difficulty of spying on Android devices with impunity.