The ultimate guide to finding and killing spyware and stalkerware on your smartphone
Our digital selves, more and more, are becoming part of our full identity. The emails we send, the conversations we have over social media — both private and public — as well as photos we share, the videos we watch, and the websites we visit all contribute to our digital personas.
There are ways to prevent a government agency, country, or cybercriminals from peeking into our digital lives. Virtual private networks (VPNs), end-to-end encryption and using browsers that do not track user activity are all common methods.
Sometimes, however, surveillance is more difficult to detect — and closer to home.
Also: VPN services: The ultimate guide to protecting your data on the internet
This guide will run through what spyware is, what the warning signs of infection are, and how to remove such pestilence from your mobile devices.
For those with little time, check out the abridged version below:
Nuisanceware
At the bottom of the pile, you have nuisanceware, which often comes in software bundles together with legitimate, free programs. Also known as Potentially Unwanted Programs (PUP), this sort of software may interrupt your web browsing with pop-ups, change your homepage settings by force, and may also gather your browsing data in order to sell it off to advertising agencies and networks.
Although considered malvertising, nuisanceware is generally not dangerous or a threat to your core privacy and security.
Spyware and stalkerware
This is where things can get dangerous.
Spyware and stalkerware are types of unethical software can result in the theft of data including images and video, and may allow operators — whether fully-fledged cybercriminals or your nearest and dearest — to monitor emails, SMS and MMS messages sent and received, intercept live calls for the purpose of eavesdropping across standard telephone lines or Voice over IP (VoIP) applications, and more.
Stalkerware is the next step up from spyware and has become an established term in its own right, coined after a series of investigations conducted by Motherboard.
Whereas spyware rarely singles out individuals, unless it is in the hands of law enforcement or unscrupulous government agencies, stalkerware is software that anyone can buy in order to spy on those closest to them.
Stalkerware enables stealing images and text messages, eavesdropping on phone calls, and covertly recording conversations made over the internet.
Stalkerware may be able to also intercept app communications made through Skype, Facebook, WhatsApp, and iMessage.
Both terms, spyware and stalkerware, relate to similar malicious software functions. However, the latter is deemed more personal in use.
In order to avoid potential legal issues and alienating clients, many spyware solutions providers will market their offerings as services for parents seeking a way to monitor their child’s mobile device usage or for business owners to keep an eye on their staff’s online activities during work hours.
However, anyone willing to pay for the software can acquire it.
Retina-X, makers of PhoneSheriff, marketed their spyware software solution, for example, as “parental control for mobile.”
PhoneSheriff, developed for the Google Android operating system, permitted location monitoring via GPS, recorded calls, enabled access to text messages, and logged websites visited. The spyware was also able to block contacts, websites, and apps.
The company, which also developed TeenShield, SniperSpy, and Mobile Spy, closed its doors last year after a hacktivist said they would “burn them to the ground,” as the hacker deemed the business immoral. Now, Retina-X has stopped taking orders for the software and is offering pro-rated refunds to contracted users.
When these types of software are used at home, there are few reasons which do not lean towards toxic relationships. With the evolution of technology, so too has domestic abuse changed. Sometimes, stalkerware is used to monitor partners and spouses covertly, or occasionally with the full knowledge of the victim.
Spyware and stalkerware are found less commonly in the enterprise although some software solutions are marketed for companies to keep track of employee mobile devices and their activities.
The lines here can be blurry, but if a mobile device belongs to a company and is used by a staff member in full knowledge that it is tracked or monitored, then this may be considered acceptable. In these cases, employees should keep their private lives, social media, and emails on their own smartphone or tablet and off company property.
What kinds of spyware and stalkerware apps are still out there?
- SpyPhone Android Rec Pro: This £143 spyware claims to offer “full control” over a smartphone’s functions, including listening in to the background noise of calls and recording them in their entirety; intercepting and sending copies of SMS and MMS messages sent from the victim’s phone, sending activity reports to the user’s email address, and more.
- FlexiSpy: One of the most well-known forms of stalkerware out there is FlexiSpy, which markets itself using the slogan: “It takes complete control of the device, letting you know everything, no matter where you are.” FlexiSpy is able to monitor both Android smartphones and PCs and is willing to deliver a device with the malware pre-installed to users. The spyware is able to listen in on calls, spy on apps including Facebook, Viber, and WhatsApp, turn on the infected device’s microphone covertly, record Android VoIP calls, exfiltrate content such as photos, and intercept both SMS messages and emails. At the time of writing, marketing seems to be geared — at least, publicly — towards parents. The first image you see on the service’s website shows a teenager on her handset, with a message, “My dad’s not here. Meet me at 10.”
- mSpy: Another stalkerware app which markets itself as a service for parents, mSpy for the iPhone allows users to monitor SMS messages, phone calls, GPS locations, apps including Snapchat and WhatsApp, and also includes a keylogger to record every keystroke made on the target device.
- PhoneSpector: Designed for both Android and iOS handsets, PhoneSpector claims to offer “undetectable remote access.” While a disclaimer says that the service is designed for parents and businesses seeking to track company-owned devices used by employees only, the implementation of the software is made through common tactics used by malware and phishing campaigns. “All you have to do is text or email the OTA (over-the-air) link to the target device and our automated system will set up data transfer protocol and the necessary info for you to monitor the device,” the company proclaims. “Just tap a few buttons, then login to your online account! You can be viewing texts, calls, GPS and more within a few short minutes!”
MobileTracker, FoneMonitor, Spyera, SpyBubble, Spyzie, Android Spy, and Mobistealth are a few more examples of stalkerware which offer similar features, among many, many more in what has become a booming business.
It is also worth noting that you can be tracked by legitimate software which has been abused. Whether or not GPS is turned on, some information recovery apps and services designed to track down a handset in the case of loss or theft can be turned against victims to track their location instead.
How do spyware and stalkerware become installed on a device?
Spyware and stalkerware need to find a way to infiltrate a victim’s mobile device. Most of the time, this is simply done by installing the software on to the device physically, thus giving the app all the permissions it needs at the same time.
However, there are also remote options which do not need physical access. These versions will use the same tactics of cybercriminals — a link or email attachment sent together with its malicious package.
CNET: Best mobile VPNs: Android and iPhone VPNs compared
The warning signs
If you find yourself the recipient of odd or unusual social media messages, text messages, or emails, this may be a warning sign and you should delete them without clicking on any links or downloading any files.
To catch a victim unaware, these messages — known as phishing attempts — will attempt to lure you into clicking a link or executing software which hosts a spyware/stalkerware payload.
Should stalkers employ this tactic, they need you to respond to it. In order to ensure this, messages may contain content designed to induce panic, such as a demand for payment, or they could potentially use spoofed addresses from a contact you trust.
See also:
There’s no magic button to send spyware over the air; instead, physical access or the accidental installation of spyware by the victim is necessary.
In the case of potential physical tampering, it can take mere minutes for spyware to be installed on a device. If your mobile or laptop goes missing and reappears with different settings or changes that you do not recognize, or perhaps has been confiscated for a time, this may be an indicator of compromise.
How do I know when I’m being monitored?
Surveillance software is becoming more sophisticated and can be difficult to detect. However, not all forms of spyware and stalkerware are invisible and it is possible to find out if you are being monitored.
Android: A giveaway on an Android device is a setting which allows apps to be downloaded and installed outside of the official Google Play Store.
If enabled, this may indicate tampering and jailbreaking without consent. Not every form of spyware and stalkerware requires a jailbroken device, however. There is an app available in the Play Store called Root Checker that can check for jailbreaking on your behalf.
This setting is found in modern Android builds in Settings > Security > Allow unknown sources. (This varies depending on device and vendor.)
You can also check Apps > Menu > Special Access > Install unknown apps to see if anything appears which you do not recognize, but there is no guarantee that spyware will show up on the list.
Some forms of spyware will also use generic names to avoid detection. If a process or app comes up on the list you are not familiar with, a quick search online may help you ascertain whether it is legitimate.
iOS: iOS devices, unless jailbroken, are generally harder to install with malware. However, the presence of an app called Cydia, which is a package manager that enables users to install software packages on a jailbroken device, may indicate tampering unless you knowingly downloaded the software yourself.
If you think your PC may have been infiltrated, check below:
Windows: On Windows machines, double-checking installed program lists — possible through the start bar — and running processes under “Task Manager” may help you identify suspicious programs.
Mac: On Apple Mac machines, you can do the same by clicking “Launchpad,” “Other,” and “Activity Monitor” to check the status of running programs. You can also reach Activity Monitor quickly through Spotlight.
An antivirus scan is also a recommended way to remove spyware and PUP.
In the cases of Android and iOS devices, you may also experience unexpected battery drain, as well as unexpected or strange behavior from the device operating system or apps — but in the latter case, many users of stalkerware will try not to play their hand.
As with most things in life, trust your instincts. If you think something is wrong, it probably is — and you should take steps to seize control of the situation.
How can I remove spyware from my device?
This is where things get difficult. By design, spyware and stalkerware are hard to detect and can be just as hard to remove. It is not impossible but may take some drastic steps on your part.
Also: Protect yourself: How to choose the right two-factor authenticator app
When removed, especially in the case of stalkerware, some operators will receive an alert warning them that the victim device is clean. In addition, should the flow of information suddenly cease, this is a clear indicator that the malicious software has been eradicated.
- Run a malware scan: On both mobile and PCs there is a variety of mobile antivirus solutions available which may be able to detect and remove basic forms of spyware. This is the easiest solution available but may not prove effective in every case.
- Change all of your passwords: If you suspect account compromise, change every password on every important account you have. Many of us have one or two central accounts, such as an email address, which will act as a hub for other accounts and password recovery. Begin there.
- Enable two-factor authentication (2FA), in which account activity and logins require further consent from a mobile device, can also help protect individual accounts.
- Consider creating a new email address, known only to you, which becomes tethered to your main accounts.
- Update your OS: It may seem obvious, but when an operating system releases a new version which often comes with security patches and upgrades, this can — if you’re lucky — cause conflict and problems with spyware. In the same way as antivirus solutions, keep this updated.
- Protect your device physically: A PIN code, pattern, or enabling biometrics can protect your mobile device from future tampering.
- If all else fails, factory reset: Performing a factory reset and clean install on the device you believe is compromised may help eradicate some forms of spyware and stalkerware. However, make sure you remember to back up important content first. On Android platforms, this is usually found under Settings > General Management > Reset > Factory Data Reset. On iOS, go to Settings > General > Reset.
Unfortunately, some stalkerware services claim to survive factory resets. So, failing all of that, consider throwing your device in the nearest recycling bin and starting afresh.
Removal of different brands
FlexiSpy removal: FlexiSpy may masquerade on Android devices under the name “SyncManager.” If you find this app on your phone, try to uninstall it directly, and then restart your phone. However, it may also appear under another generic name, and so before deleting any apps, perform a search on the app name first.
mSpy: To remove mSpy, instructions are here as long as you have physical access to the device. On the iPhone, you need to access Cydia, search “Installed” and look for “IphoneInternalService.” Press modify and remove. Additional options to try are explained here.
So, what are Google and Apple doing about the problem?
Both Google and Apple are generally quick off the mark if spyware or other forms of malicious apps manage to circumvent the privacy and security barriers imposed for applications hosted in their respective official app stores.
In July 2019, Google removed seven apps from the same Russian developer from the Play Store. While marketed as employee and child trackers, the tech giant took a dim view of their overreaching functions — including GPS device tracking, access to SMS messages, the theft of contact lists, and potentially the exposure of communication taking place in messaging applications.
Also: Meet the malware which hijacks your browser and redirects you to fake pages
When it comes to Apple, the iPad and iPhone maker began a crackdown on parental control apps in April, citing privacy-invading functions as the reason for some iOS apps to be removed from the App Store. In some cases, Apple requested developers to remove functions, whereas, in others, the apps were simply removed. The company offers its own parental device control service called Screen Time for parents that want to limit their children’s device usage.
Surveillance without consent is unethical and in domestic situations causes a severe imbalance in power. If your sixth sense says something is wrong, listen to it.
A physical object is not worth sacrificing your privacy for. Should your device become compromised, take back control of your right to privacy — whether or not this means replacing your handset entirely.
READ MORE HERE