Day 6

Stalkerware is more common than you think and Eva Galperin has a plan to stop it

Stalkerware lets someone else monitor your text messages, phone calls and physical location. It's often used by intimate partners. The Electronic Frontier Foundation's Eva Galperin is pushing anti-virus software developers to take it more seriously.

Apps allow intimate partners to secretly read text messages, monitor keystrokes and track a phone's location

Stalkerware is installed, usually, on an intimate partner's mobile device and tracks phone calls, text messages and the person's location. (Arun Sankar/AFP/Getty Images)
Listen8:22

After fielding hundreds of stories from victims of stalkerware software most often installed surreptitiously to track a romantic partner Eva Galperin is enlisting the help of tech companies to help her dismantle it, one virus scan at a time.

Stalkerware, sometimes also called spouseware, is typically hidden when installed on a person's device or computer.

Usually masquerading as "parental control" apps, the software can read text messages, intercept phone calls, view photos and share the device location.

"Frequently people would come to me and ... they simply didn't know why their partner suddenly knew where they were and what they were doing at all times," Galperin, cybersecurity director for the Electronic Frontier Foundation, toldDay 6 guest host Saroja Coelho.

But, because installing stalkerware often requires physical access to the device — and knowing a partner's password — it's not considered malicious by most anti-virus software.

"To the [anti-virus] companies, having physical access to the device and having the password is the same thing as having legitimate access to the device," Galperin said.

"So, I went to the [anti-virus] companies and I said, 'This is simply not the case. I've got some news for you about how abuse works.'"

Anti-virus company steps up

While stalkerware can be installed on iOS devices with workarounds, like "jailbreaking," the majority of installations are on Android devices.

"We know that these [stalkerware] companies have thousands and thousands of users all over the world," Galperin said.

"Most people find these apps by simply entering some terms into a search engine."

Last month, Russia-based anti-virus software company Kaspersky announced that it will now offer a "Privacy alert" to its Android app users when stalkerware is found.

In arelease, the company said more than 58,000 users over the past year have found stalkerware on their devices. Nearly two-thirds were unaware it was installed.

Once you have gotten out of the relationship ... that's the time to change all of your passwords, to set up [two-factor authentication].- Eva Galperin, Electronic Frontier Foundation

In a statement to CNET, Symantec, the company behind Norton Anti-Virus, said their software recognizes stalkerware as malicious, and flags users when apps are sharing location data. Malwarebytes told CNET they've been blocking stalkerware since 2014.

Protecting yourself

Galperin's primary advice for combating stalkerware is to keep your devices close at hand.

She took up the battle against stalkerware after she discovered a former colleague was alleged to be a "serial rapist," she said.

"I read an interview with one of his victims," Galperin recalled. "She was asked by the journalist, 'Well, why didn't you speak up earlier?"

"Her answer was, 'It was because he was a hacker,' and she was terrified that he would compromise her devices."

If you believe you've already been compromised, she recommends scanning your device with either Kaspersky or Look Out anti-virus.

"Once you have gotten out of the relationship, or you're trying to disentangle yourself, that's the time to change all of your passwords, to set up [two-factor authentication] ... and really try to get yourself some peace of mind," she said.


To hear the full interview with Eva Galperin, download our podcast or click 'Listen' at the top of this page.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.