Getty Images / WIRED
Belinda’s* abusive ex-partner was able to repeat word for word conversations she’d had with family. She was worried he seemed to know where she was. Her phone ran low on battery, was hot to touch and her data was used at an alarming rate. Often her phone would “glitch” – jumping back to the home screen, while emails and app notifications would disappear.
An outreach worker referred Belinda to the domestic abuse charity Refuge, which has a specialist tech team that, in part, helps women who are being spied on via their phones. They gave her a burner phone, and helped her find and remove the stalkerware her ex had installed and secure her accounts. “The first and most important step was to ensure we could speak to her without compromising her safety,” says a member of Refuge’s tech team, who does not want to be identified for fears of being targeted with abuse.
During lockdown, the use of stalkerware – software running in the background on a mobile that can track people’s actions – has soared. Analysis from cybersecurity company Avast has revealed that the UK experienced some of the biggest increases in the use stalkerware as the pandemic took hold.
Detections of stalkerware in the UK rose 83 per cent between March and June this year compared to between January and February, and against a global 51 per cent rise, according to Avast’s figures. These are some of the sharpest rises in the world, with the UK behind only Japan and Germany out of 12 countries included in the data. “These figures are just the tip of the iceberg,” says Jaya Baloo, chief information security officer at Avast. “Most people don’t use antivirus software on their phones, so many cases may be missed. But the trend is definitely up.”
The data shows that Belinda’s case is not unique. As well as increasing the use of stalkerware, Covid-19 lockdowns have also led to rises in domestic violence and calls to helplines. As the world shut down, many women were left with nowhere to go. “I’ve spoken to survivors who say their places of safety – the school gates, cafes – evaporated as we shut down,” says Cassandra Wiener, a doctoral researcher at the University of Sussex who has been speaking to women in refuges.
“They are increasingly confined to the most dangerous space in their lives – the one they share with him,” Wiener says. “Tech makes stalking possible in a way we’ve never seen before. It’s a perpetrator’s friend. A woman knows she has to obey because she knows she’s being watched.”
The picture is consistent. Security firm Malwarebytes reports even steeper rises across the world – detections of monitoring apps between January to June rose 780 per cent, while spyware detections soared by 1,677 per cent. Kaspersky also reports a global increase. It found stalkerware on 8,201 devices in April 2020, up from 7,736 the previous year. Researchers also discovered ten new types of stalkerware during the second three months of 2020.
The number of detections has dropped since the peak of lockdown, but are still up dramatically on the start of the year, says Baloo. “These are really horrible, blatant stalking apps that monitor and intimidate.”
Refuge is currently working with 1,594 women experiencing tech abuse, although most cases of abuse it works with involve some sort of technology. “Some of these women are being completely controlled,” says Jane Keeper, director of operations at the charity. “This kind of abuse can be hard to detect, and it’s important for women to trust their instincts.” Refuge has a safety guide that gives practical advice on securing devices as well as a 24-hour helpline.
It’s not just stalkerware that’s on the rise. Refuge has also received more reports of legitimate devices such as smart doorbells and or find-my-phone apps being used to surveil partners and exes. When the UK lockdown was partially lifted in July, the charity recorded a 54 per cent rise in women contacting its helpline.
Monitoring apps give abusive partners extraordinary levels of surveillance and control. Android phones are more vulnerable than iPhones, which need to be jailbroken – but some apps can scrape iCloud memory logs for data. They’re hard to spot but warning signs might emerge – random requests for permissions, slower than usual operation or a battery which drains faster.
David Ruiz, an online privacy expert at Malwarebytes, tested an app that could stream video and ambient audio live from his phone. “This was a digital portal into my own home,” he says. His phone conversations were recorded, with texts and even deleted photos also visible. His location and movements were tracked, and his home screen could be live streamed. “I found it deeply powerful, invasive and upsetting,” Ruiz says. “A perpetrator would know where I was, who I spoke to, how often and what we spoke about, the photos I took.”
Those abused with stalkerware are subjected to this every day by their partners and exes. The impact can be devastating – and we’re still ignorant about tracking technology, says Wiener. “Staff at women’s support centres tell me that the use of stalking technology is one of the biggest challenges they face and one that is becoming increasingly difficult to understand without specialist training.”
As incidents increase, so has momentum among activists to curb the reach of the software and ease with which it can be bought and installed. Perpetrators are roughly two thirds men and a third women, says Eva Galperin, head of cybersecurity at the Electronic Frontier Foundation, which in 2019 helped found the Coalition Against Stalkerware – a collaboration between activists and industry against the abusive technology.
These apps can be relatively easily spotted by antivirus software, and industry efforts to boost detection and recognise stalkerware as a separate category have been largely successful, says Kristin Del Rosso, senior security intelligence engineer at security firm Lookout.
An independent study showed nine out of ten antivirus products had increased detection ability of stalkerware in the six months to May 2020. In September this year, Google formally banned all stalkerware apps from the Play Store. If some apps evade detection, this is usually only temporary, says Del Rosso. Security experts say these are actually just a handful of apps which are rebranded many times over with minor changes. “Sophisticated security systems won’t be fooled by this,” she says.
Despite the clampdown, prosecutions for creating or using stalkerware are few and far between. A combination of mistrust in the police, sly marketing, patchy reporting and out-of-date laws have conspired to create a reality where use of stalkerware is rising, but prosecutions aren’t. In September, a man in the UK was handed a suspended prison sentence as part of a conviction that included installing a tracking device on his victim’s phone.
No direct law tackles stalkerware. “It’s an emerging area,” says James Constable, a criminal lawyer at B P Collins. It’s mostly covered by the Computer Misuse Act, now 30 years old, or the Protection from Harassment Act of 1997. “And that was a very different time,” says criminal barrister Rebecca Penfold. “Much more needs to be done to protect privacy. Technology moves faster than the law. But private surveillance in a private dwelling unbeknownst to the target can never be right, and that’s why it’s criminalised.”
Police responses to stalkerware have improved in the last couple of years, says Peter Yapp, partner for cyber and information security at Schillings International, who has previously worked on stalkerware cases. But that doesn’t mean there isn’t more work to do, including greater public education on how stalkerware can be used. “The level of understanding is not there,” Yapp says.
In July the National Police Chief’s Council (NPCC) acknowledged the rise in digital stalking during lockdown and said it expects the trend to continue. “These apps can contain in-built tracking and surveillance capabilities, and can look like genuine and innocent programmes, which offenders use in a variety of ways to monitor and intimidate their victims,” a NPCC spokesperson says. The NPCC is currently collaborating with technology firms, support groups and partner agencies to improve strategies.
Forces such as Hampshire Constabulary have worked with clinical experts, legal experts and regional support group Aurora New Dawn to tackle incidents of stalking. If they suspect cyber stalking, they will seize devices for forensic examination, and a police stalking coordinator then decides how to proceed. Hampshire Constabulary runs a nationally recognised stalking clinic which not only supports the victim but also the works with health authorities and probation services.
But more support is needed – and much of it is coming from the security industry. Malwarebytes is a founding member of the Coalition Against Stalkerware, and is trying to spread the word and support law enforcement and support groups worldwide. “That might be speaking to local district attorneys about how to prosecute if they get a case,” says Ruiz.
Baloo would like to see the introduction of an open source antivirus tool that people could install to protect themselves – complete with a “report” button to help automate the reporting of suspected stalkerware. As for whether any covert monitoring – by employees or parents is ever acceptable, Galperin is clear – if it occurs without consent, it’s immoral and illegal.
*Name has been changed
More great stories from WIRED
🇸🇪 Not every country treated the pandemic the same – did Sweden’s Covid-19 experiment work?
💬 This AI Telegram bot has been abusing thousands of women
🧥 Apple’s new phones have arrived: Should you get the iPhone 12 or iPhone 12 Pro?
🔊 Listen to The WIRED Podcast, the week in science, technology and culture, delivered every Friday
👉 Follow WIRED on Twitter, Instagram, Facebook and LinkedIn
Get WIRED Daily, your no-nonsense briefing on all the biggest stories in technology, business and science. In your inbox every weekday at 12pm UK time.
Thank You. You have successfully subscribed to our newsletter. You will hear from us shortly.
Sorry, you have entered an invalid email. Please refresh and try again.