Mobile stalkerware, also known as spouseware, is monitoring software that a stalker silently installs on a victim's device without the victim's knowledge. Typically, the stalker needs to have physical access to the victim's device in order to install the stalkerware. Because of this, stalkers are often people from their victims' close family, social, or work circles.
Stalkerware applications have become increasingly popular in recent years. In 2019, Android stalkerware detections were reported to have increased almost fivefold from 2018, and in 2020 they grew by 48% compared to 2019.
Stalkerware can monitor the GPS location of a victim's device, conversations, images, browser history, and more. It also stores and transmits all this data, so we decided to forensically analyze how these apps handle data protection.
To avoid being labeled as stalkerware and stay under the radar, the providers of these applications often promote them as protection for children, employees, or women. However, the word "spy" is used many times on their websites.
Searching for such tools on the Internet is not difficult at all, so there is no need to browse underground websites to find stalkerware options.
At a minimum, stalkerware apps promote ethically questionable behavior, leading most mobile security solutions to flag these apps as undesirable or harmful. However, since these apps access, collect, store, and transmit more information than any other app their victims have installed, we were interested in how well these apps protected such a large amount of sensitive data.
A victim is a person targeted by a stalker who spies on them through monitoring software. Finally, an attacker is a third party whose existence the stalker and the victim are generally unaware of. In this sense, an attacker can carry out actions such as taking advantage of security problems or privacy flaws in the stalkerware application or associated monitoring services.