This article is the second in a series on digital safety for trans people. Read the first article on private & anonymous browsing for trans people.
Stalkerware, a type of spyware, that enables remote access by a person to monitor the contents of another device, such as a mobile phone, tablet, or laptop. This access goes way beyond apps that are developed to find your phone if it is lost or stolen. And despite some being marketed as parental control apps, they are not just set up to limit what kind of websites or apps a child can visit. They are used to surveil and control people. For trans folks of any age, these tools can further isolate us.
Callers on the Trans Lifeline hotline have reported various situations in which stalkerware has seriously endangered them. Some examples of this include:
- Youth callers unable to access resources about being trans or trans community due to parental control apps and needing to stay closeted for their safety.
- Youth callers who have to run away from their abusive homes and can be tracked by their parents/guardians.
- Adult callers trying to escape abusive relationships whose abusers have put stalkerware on their phone/computers.
This article is meant to empower you with the knowledge to address possible instances of abuse via digital and hardware technologies, and is not meant to create fear. The reality is that the devices we use to navigate the world are also built to be tracking devices. The people that try to control our bodies can use those devices to limit our movements, monitor our gender affirmation journey and coming out experiences, or punish us with information obtained through stalkerware. This can all be done with or without our knowledge.
How does this software access your device?
Most stalkerware has to be manually installed. This means that someone would have to have physical access to your device. Some people trick victims into installing these apps under the pretense that the app is something else. Some force installation of the app by threatening to punish the victim. For example, a parent threatening to not fund their child’s college education or a partner threatening to break up or kick their partner out of the house unless they voluntarily accept being monitored.
Once that software is installed, the person that has remote access to the other person’s device can access sensitive, personal information including:
- Browsing History
- Text messages
- Live feeds from a victim’s camera or microphone
- Live calls by intercepting
How to identify stalkerware on your device
Many stalkerware apps are built to not be easily found. Sometimes the application icon is hidden in some way even though the app is running in the background.
It’s important to remember that there is a long list of reasons why your phone or laptop could be slow, overheating, or showing unusual behavior - from an update crashing an old, unsupported device or a virus that displays an endless amount of pop ups or notifications.
But in some instances, that behavior is a byproduct of stalkerware and can be key indicators that it is installed.
Some indicators are:
- Your battery is constantly draining
- Your device is constantly overheating
- Surge in data usage
Androids & iPhones
On an Android, check if the “Unknown Sources” option in the Security section of your Settings is enabled. It should be disabled by default in order to stop apps from being installed outside of the Play Store.
On an iPhone, the two most likely places to find stalkerware on your device are both in the Settings app. Both of these could have legitimate uses for business or school, but if you have one installed and don’t recognize it, that could be a sign of spyware.
- VPN: In the Settings app, tap General, then scroll to and tap VPN. If you have a VPN configuration listed that you don’t recognize, that could be stalkerware.
- Profiles: In the Settings app, tap General, then tap Profiles & Device Management (it may also just say Profiles). If you have a profile you don’t recognize, that could be stalkerware.
More and more anti-virus companies are expanding the ability to identify stalkerware. Antivirus software isn’t entirely effective, but make sure to have antivirus installed and running.
Wired article on how to check for stalkerware.
Kaspersky, a Russian-based cybersecurity tools provider, delves deeper into the technical implementation of stalkerware, especially on Android applications.
Even if you don’t have stalkerware on your phone, there’s another possibility to consider: If you are on a cell phone Family Plan with others, the main person on the account may be able to get your location, phone call and text history by asking the company - or even just on their website.
What to do if you find stalkerware installed on your device
Once the stalkerware is identified, you could delete the software or even do a factory reset of your device, but that may not be the best or safest option depending on your personal risk assessment. Once you take those steps, the person monitoring your device will notice that they no longer have access to your device. If you’re planning to delete stalkerware, create a safety plan with trusted people in your life. If that is not an option, call Trans Lifeline to explore possible resources and scenarios to address concerns you have with removal. We can help you identify a trans friendly organization that works with domestic violence survivors in your state. Whatever decision you make, if you want to immediately remove stalkerware, consider buying a burner phone and/or find a device to call trusted people and organizations to plan for possible fallout.
The Coalition to Stop Stalkerware also has a list of steps to take if you find stalkerware.
But I consensually use these apps and I’m fine with it
Not everyone feels forced or coerced into using these apps. Maybe you and your partner and/or family member have set up consensual agreements around how the app will be used so that neither party feels controlled. However, several stalkerware apps have had extensive data breaches. These apps are known to have security flaws that could compromise your data and lead to exposure of personal information to third parties, including photos and chat messages.
If you are in need of assistance call the The NW Network of Bi, Trans, Lesbian and Gay Survivors of Abuse at 1-206-568-7777 or email [email protected].