COVID-19 ISO Insights

An Increase in 'Stalkerware' is Posing Privacy Issues During the Pandemic

December 14, 2020

By: David Geller, CPCU, SCLA

In May 2020, we posted about reports pointing to, in part, a spike in domestic violence incidents that had transpired during COVID-19 lockdowns.

Recent reports have now pointed to threats that individuals have confronted with increasing regularity during the pandemic as well: a cyber harassment application known as “stalkerware.”

What is Stalkerware?

The Coalition Against Stalkerware defines stalkerware “as software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without that user’s consent and without explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.”

According to an article authored in Forbes by an employee from security firm Malwarebytes, “this technology can relay private information about a victim to an abuser without the victim's knowledge or consent, including their location, photos, audio, browser and call history, emails and more.”

Stalkerware Trends During COVID-19

Wired UK has reported on various findings culled together by different security and monitoring enterprises, including that:

  • According to cybersecurity company Avast, stalkerware detections in the UK between March and June 2020 increased 83% compared to January-February 2020. Globally, there was a 51% rise during this time period.
  • Per Malwarebytes, monitoring app detection between January-June increased by 780%, and spyware detections specifically surged by 1,677%.
  • Kaspersky’s data appear to reflect similar upticks. Per the article, the security company identified stalkerware on 8,201 devices in April 2020, an increase from the 7,736 found in April 2019. Of note, Kaspersky also discovered ten new types of stalkerware in April, May, and June 2020.

The use of stalkerware does not appear to be limited to mobile phones. The Wired UK article notes that there have been other reports that cite the use of IoT devices, such as smart doorbells, to surveil victims.

What Is Being Done to Address Stalkerware?

One reported dynamic that is contributing to the increased use of stalkerware, per Cnet, is the apparent ability for the developers of these apps to skirt punishment through workarounds. Cnet notes that [a]lthough it's illegal to sell apps that exist primarily to secretly spy on adults, the laws governing these sales are narrowly tailored and let many app makers operate legally.” For example, some of these apps reportedly advertise as “child-monitoring services”, potentially inferring that they aren’t developed to “primarily” spy on adults.

According to the article, this is creating challenges for law enforcement agencies. Also posing problems is that, even when victims do bring their devices to law enforcement on suspicions of stalkerware, a lack of training reportedly inhibits their ability to effectively investigate what happened.

Efforts, per Cnet, are still being made to tackle this issue. The U.S. Federal Trade Commission (FTC), which enforces federal consumer privacy laws, reached a settlement with an app-maker in 2019 that “required the company to make it more clear to purchasers that they must get consent from adults before installing the software on their devices, in addition to displaying an icon on the phone that's being monitored with the name of the app.”