Nine months ago, one software company recommitted itself to detecting invasive apps, commonly known as stalkerware, that can lead to excessive harm of women.
These types of apps, written about extensively, can allow a user to look through someone’s text messages, record their phone calls, turn on their mobile cameras and microphones, rifle through their private files, peer into their search history, and track their GPS location, all without consent.
They present clear potential for privacy violations, but worse, when put into the hands of domestic abusers, they can dismantle a victim’s life, revealing their location if they try to escape or uncovering their private messages if they attempt to discuss a safety plan. These types of apps have, on multiple occasions, been tied to cases of stalking, cyberstalking, and domestic violence.
For International Women’s Day, which has been celebrated on March 8 for more than a century, Malwarebytes has been measuring its own campaign to protect users from these potential threats.
These are the numbers on stalkerware.
Monitor and Spyware data
Despite the popular “stalkerware” label, Malwarebytes does not use the term to classify apps with the capabilities described above. Instead, it detects these types of apps as “monitor” and “spyware.”
From March 1, 2019 to March 1, 2020, the company detected 55,038 monitor apps for users who installed Malwarebytes for Android. For the same time period in the year prior, it detected 44,116 monitor apps for users who installed Malwarebytes for Android.
Similarly, from March 1, 2019 to March 1, 2020, 1,378 spyware apps for were detected for Android users. For the same time period in the year prior, 2,388 spyware apps were detected for users in the same group.
We must be clear: The rise in monitor detections does not guarantee a rise in the use of these apps. Instead, because Malwarebytes improved its capabilities to find monitoring apps, the detection volume likely increased. The company bolstered its data set independently, but also worked with other cybersecurity vendors in the Coalition Against Stalkerware to improve the results.
The decrease in spyware detections perhaps points to something different – a decision to shy away from making and utilizing these tools. Whereas stalkerware-type apps have seen little enforcement, either from the government or from individuals and companies, spyware apps have received deeper scrutiny. Just this week, WhatsApp moved forward with its lawsuit against one major developer.
Today, Malwarebytes detects 2,745 variants of monitor apps and 318 variants of spyware apps. It also increased monitor variants by nearly 1,000 from the year prior, and our spyware variants by almost 40.
In looking at the data, it also discovered these threats in nearly every part of the world. Malwarebytes detected monitoring APKs in the US, India, Indonesia, the United Kingdom, Brazil, Ireland, France, Russia, Mexico, Italy, Canada, Germany, Bangladesh, Australia, and the United Arab Emirates. The US represented the largest share of detections, but the US also represents the largest share of the user base.
While the data shows that stalkerware-type apps continue to plague users everywhere, the data does not show the broader relationship between these types of apps and stalking, cyberstalking, and domestic violence.
The bigger picture
According to Danielle Citron, professor of law at Boston University School of Law, “cyber stalking” apps have been tied to multiple cases of domestic violence and abuse. As she wrote in her 2015 paper “Spying Inc.”
“A woman fled her abuser who was living in Kansas. Because her abuser had installed a cyber stalking app on her phone, her abuser knew that she had moved to Elgin, Illinois. He tracked her to a shelter and then a friend’s home where he assaulted her and tried to strangle her. In another case, a woman tried to escape her abusive husband, but because he had installed a stalking app on her phone, he was able to track down her and her children. The man murdered his two children. In 2013, a California man, using a spyware app, tracked a woman to her friend’s house and assaulted her.”
Further, according to a NortonLifeLock survey released last month, the use of stalkerware-type apps is just one of several behaviors that Americans engage in to check in on their ex and current romantic partners online.
The Online Creeping Survey, which included responses from more than 2,000 adults in the US, showed that 1 in 10 Americans admitted to using stalkerware-type apps against their ex or current romantic partners. The survey also found that 21% of respondents said they looked through a partner’s device search history without permission, and 9% said they created a fake social media profile to check in on an ex or current partner.
Kevin Roundy, technical director for NortonLifeLock, warned about these behaviours.
“Some of the behaviours identified in the NortonLifeLock Online Creeping Survey may seem harmless, but there are serious implications when this becomes a pattern of behaviour and escalates, or when stalkerware and creepware apps get in the hands of an abusive ex or partner,” Roundy said.
As Malwarebytes reported last year, some of these behaviours are closely associated with the crimes of stalking and cyberstalking in the United States. Stalkerware-type apps can create conditions in which domestic abusers can follow their partners’ GPS locations and allow them to look at their private conversations through texts and emails. For domestic abuse survivors trying to escape a dangerous situation, stalkerware can place them at an even greater risk.
Unfortunately, much of the behaviour related to stalking and cyberstalking disproportionately harms women.
According to a national report of about 13,000 interviews conducted by the Centers for Disease Control and Prevention (CDC), an estimated 15.2% of women and an estimated 5.7% of men have been stalked in their lifetime.
Similar data from the Bureau of Justice Statistics showed nearly the same discrepancy. In a six-month period, of more than 65,000 Americans interviewed, 2.2% of women reported they had been stalked, while 0.8% of men reported the same.
While stalking victims include both men and women, the data from both studies shows that women are stalked roughly 270% more often than men.
What we can do
The stalkerware problem is tangled and complex. Makers of these types of apps often skirt government enforcement actions—with only two developers receiving federal enforcements in the past six years. Users of these apps can vary from individuals who consent to being tracked to domestic abusers who never seek consent. And the way in which these apps can be used can violate both Federal and state laws, yet, when the apps are used in conjunction with stalking and cyberstalking, the victims of these crimes can shy away from engaging with law enforcement to find help. Even if victims do work with police, they often have one priority – stopping the harm, not filing prolonged lawsuits against their stalkers or abusers.
Though this threat may appear slippery, there is much that the cybersecurity community can do. We can better detect these types of threats and inform users about their dangers. We can train domestic abuse advocates about device security for themselves and for the survivors they support. Finally, we can partner with domestic violence researchers to better understand what domestic abuse survivors need for digital security and protection.