What is Stalkerware?
Stalkerware refers to software that can be installed on devices, allowing a third party to discreetly track that device’s location and activity without the user’s knowledge. It can monitor almost all aspects of a device’s activity, from locations, messages, and call history to social media profiles, photos, and browser history. Typically installed on smartphones, stalkerware even enables the “stalker” to surreptitiously intercept phone calls, access the camera or microphone, and take screenshots.
Most people know that their devices' geolocations can be tracked, which is helpful if, for example, the device goes missing. However, fewer realize that third parties can track device activity. For anyone wondering, "Can people track your phone?" the answer is yes.
The idea of someone monitoring a personal device is an insidious one, but it can happen with the use of stalkerware. The latest Kaspersky State of Stalkerware 2023 report reveals almost 31,000 mobile users worldwide were subjected to stalkerware. According to the Kaspersky Security Network, in 2023 the three countries with the most affected users were Russia (9,890), Brazil (4,186), and India (2,492), but the issue is global.
The number of new people being targeted by this form of digital stalking has remained fairly constant on a monthly and annual basis since 2021, suggesting that the issue isn’t going away anytime soon. In addition, in a survey carried out by Arlington Research in 2024, 54% of respondents did not approve of monitoring a partner without their knowledge or consent. That is a majority, but not as large a proportion as the 70% of respondents who held that position in 2021. In this landscape of shifting attitudes towards trust and privacy, it’s little wonder stalkerware remains a prevalent concern.
The availability of stalkerware may raise many questions for phone users, including “How do I know if someone is tracking my location?” This guide will answer this and other queries relating to the software so that users can be prepared to prevent infections or respond appropriately when they encounter them.
Is Stalkerware Legal?
Installing stalkerware on someone else's device without consent is illegal. Stalkerware’s popularity with bad actors, particularly domestic abusers and stalkers, gives it an understandably sinister reputation.
There is also concern about the overlap between stalkerware programs and legal, legitimate parental control or tracking apps. However, where parental control apps often form part of an agreement or ongoing conversation about digital safety within a household, stalkerware infringes on a user’s privacy without their knowledge.
How is Stalkerware Installed?
Stalkerware software and apps are commercially available online and can easily be downloaded and installed. The “stalker” simply needs physical access to the device and an internet connection. The stalkerware then runs in the background without any identifying activity, so victims are often unaware they are being monitored. The “stalker” can monitor user activity through a website or another device and often receives activity notifications. Importantly, stalkerware is more of a threat to Android users than those with Apple devices. This is because iOS is a closed system, and prospective stalkers need physical access to an iPhone to first “jailbreak” it and then install the software.
How to Know if Your Phone is Being Tracked
For those wondering whether their phone is being tracked, or how to detect stalkerware on a phone, it helps to know which signs might confirm suspicions. Because stalkerware operates in the background, there is no foolproof method for detecting the software. However, here are a few red flags to check for:
- A battery that drains faster than usual.
- The device turns on and off by itself.
- Changes in phone settings.
- Suspicious apps, especially those with unusual permissions to track locations or other activity—go through all apps and look for anything unusual, unknown, or that does not function as expected.
- Unexplained surge in data usage.
- Someone displaying an unusual level of knowledge about you, including locations you’ve been or details from private conversations and messages.
There are also more concrete ways to identify if a device has stalkerware on it. Kaspersky experts developed TinyCheck in 2020 – a free, safe, open source tool for organizations to use to detect stalkerware, without alerting the person who installed it on the device.
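The “suspicious apps” red flag above can be made repeatable by reviewing an app inventory for packages that did not come from an official store yet request several surveillance-relevant permissions. The Python below is an added example, not code from Kaspersky or TinyCheck; the package names, the sample listing and the permission map are constructed, and the three-permission threshold and the trusted-installer list are assumptions.

```python
import re

# Requested permissions that map to the monitoring capabilities listed above.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
}
# Assumption: only Google Play counts as a trusted installer; add a vendor store if needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample in the style of `pm list packages -i` output.
SAMPLE_LISTING = """\
package:com.example.maps  installer=com.android.vending
package:com.example.syncservice  installer=null
package:com.example.flashlight  installer=null
"""
# Constructed sample: permissions each (hypothetical) package requests.
SAMPLE_PERMS = {
    "com.example.maps": ["android.permission.ACCESS_FINE_LOCATION",
                         "android.permission.RECORD_AUDIO",
                         "android.permission.CAMERA"],
    "com.example.syncservice": ["android.permission.ACCESS_FINE_LOCATION",
                                "android.permission.READ_SMS",
                                "android.permission.READ_CALL_LOG",
                                "android.permission.RECORD_AUDIO"],
    "com.example.flashlight": ["android.permission.CAMERA"],
}

def review_candidates(listing, perms, threshold=3):
    """Return [(package, installer, capabilities)] for apps worth a manual look:
    not installed by a trusted store AND requesting >= threshold sensitive permissions."""
    flagged = []
    for match in re.finditer(r"^package:(\S+)\s+installer=(\S+)", listing, re.M):
        package, installer = match.groups()
        if installer in TRUSTED_INSTALLERS:
            continue
        caps = sorted({SENSITIVE[p] for p in perms.get(package, []) if p in SENSITIVE})
        if len(caps) >= threshold:
            flagged.append((package, installer, caps))
    return flagged

if __name__ == "__main__":
    for package, installer, caps in review_candidates(SAMPLE_LISTING, SAMPLE_PERMS):
        print(f"{package} (installer={installer}): {', '.join(caps)}")
```

Preinstalled system apps can also report no installer, so the output is a list for manual review rather than a verdict.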
What to Do About Stalkerware
Users who confirm the presence of stalkerware on their device may instinctively decide to remove it immediately. However, it is important to exercise caution. Since the goal of the software is to monitor user activity, the stalker will be able to see whether malware scans are being run and the infected app is removed. In some cases, such as domestic abuse situations, this could further endanger the device’s user.
To help combat this, Kaspersky’s privacy alert was expanded in 2022 to not only inform users that stalkerware is present on their device, but also to warn them that whoever installed the software will be made aware if it is removed. Christina Jankowski, Senior External Relations Manager at Kaspersky, commented, “The reason behind this is simple: if the software is deleted it erases proof that stalkerware has been installed, and if a perpetrator loses control over a device, the situation might escalate.”
In addition, removing the stalkerware could remove significant evidence in cases requiring prosecution. In a situation like this, it may be best to go to the authorities first and use a different device for communication until the stalkerware on the original device has been resolved.
Here are a few actions you may want to take if you suspect stalkerware has been installed on your phone:
- Use another phone or device that is not being monitored—replace the compromised device if possible.
- Document anything that suggests the presence of the software, including suspicious apps, unusual activity, or strange settings.
- In cases such as domestic abuse, seek assistance from NGOs that provide support to victims.
- Check if the phone has been “rooted” (for Android) or “jailbroken” (for iOS).
- Reach out to a support organization for advice or help. The Coalition Against Stalkerware website can help you find one locally.
How to Remove Stalkerware from Android Phones and Other Devices
For users who feel they can safely remove any stalkerware-type app or software, here are a few ways to go about it:
- Use a malware scanner to scan the device and remove any threats, including PUA (Potentially Unwanted Application) programs.
- Uninstall any apps that you don’t recognize or did not install.
- Ensure the device’s OS is up to date.
- Perform a factory reset to wipe the device, including any stalkerware.
How to Prevent Stalkerware
In 2019, Kaspersky pioneered a system that notified users if stalkerware was detected on their device. In 2022, the Privacy Alert was enhanced to remind users that removing the software would alert the attacker and could erase evidence that could be useful if pursuing prosecution. Stalkerware is a genuine and current threat, and although it is always possible for people to track your phone, there are ways to avoid this software. Here are a few tips for protecting devices:
- Use a strong password to protect your phone and never share this with others—enable biometric authentication if possible.
- Practice password hygiene for all accounts on your phone, such as using different passwords—a password manager can help—and changing them regularly.
- Set up two-factor authentication on all accounts.
- Only download official apps from trustworthy sources, such as Apple’s App Store.
- Use a security solution, like Kaspersky for Android, on all devices to try and stay alert to threats.
- Do not leave unattended devices unlocked and be mindful of people asking to use a device—physical access can provide an opportunity to install stalkerware.
- Be cautious of devices that are gifted unexpectedly unless they come from a trustworthy source.
- Enable security features on devices—on Android devices, for example, users can block installations from “unknown sources”.
- Ensure all operating systems and apps on devices are up to date.
- Avoid rooting (for Android) or jailbreaking (for iPhones)—although this can remove limitations on operating systems, these actions can compromise the devices’ inherent security features.
Frequently Asked Questions about Stalkerware
What is Stalkerware?
Stalkerware is a specific type of software or app that can be physically installed on phones or other devices to allow a third party to track the phone’s location and activity without the owner’s knowledge. The stalker can track almost all the compromised phone’s activity, including call and browser history, text messages, and photos. Because these programs run in the phone’s background, most victims of stalkerware do not realize their devices have been compromised.
How to Check if Your Phone is Being Monitored?
While there might not be foolproof signs that stalkerware has been installed on a device, there are several things to look out for. A phone may have stalkerware if its battery drains too quickly, it turns on and off unexpectedly, it has apps that the user didn’t intentionally download, it inexplicably uses a lot of data, or its settings have been altered, such as the option to allow installation of apps from unknown sources being activated.
How Can I Remove Stalkerware?
Users who suspect their phones have been compromised with stalkerware should first consider their safety. This is because the program may alert the stalker if attempts are made to remove it. Use an uncompromised device if possible, document any activity that suggests the presence of stalkerware, and if necessary, contact the police. If it is safe to do so, it is possible to remove the software. This can be done with a malware scanner, uninstalling any unusual apps, updating the phone's operating system, or performing a factory reset.