Over 58,000 Android users had stalkerware installed on their phones last year

Kaspersky plans to show a special alert on Android devices when it finds stalkerware-like apps.
Written by Catalin Cimpanu, Contributor

Kaspersky's 2018 detections for stalkerware families

Image: Kaspersky Labs

Over 58,000 Android users had "stalkerware" installed on their phones last year, researchers from Kaspersky Lab have revealed today.

Of these, more than 35,000 had no idea that stalkerware was present on their Android devices until they installed Kaspersky's mobile antivirus, which flagged the infection.

Kaspersky's findings confirm a growing trend in the information security industry, where security researchers are seeing an increase in the use of stalkerware-like products by normal users and companies alike.

Stalkerware, also known as spouseware or "legal spyware," is a term used to describe a particular class of spyware. These are applications sold by legally-registered companies under various pretenses, such as child monitoring or employee tracking solutions.

Some of these apps are used for legitimate purposes, but in the vast majority of cases, they are not. Legitimate apps are those that display visible markers to users, letting them know they are being watched.

The bad apps, and the ones detected by antivirus companies and normally banned from the official app stores, are the ones that hide themselves from view.

Stalkerware should not be taken lightly

Having stalkerware on your phone is a sign that a close friend, lover, family member, or employer is trying to keep an eye on you without your knowledge -- a fact that most people will find very disturbing and a reason to file criminal complaints.

Just the presence of stalkerware on your phone also suggests that someone has tampered with your device without your permission.

Installing these types of apps on someone's phone usually requires the attacker's physical access.

In some cases, the person knows and agrees to have stalkerware apps installed on their devices, for contractual reasons, but in the vast majority of cases, this installation process takes place without a person's knowledge, and these commercial "legal spyware" products are used by attackers to stalk their victims -- hence the origin of the stalkerware term.

While the Kaspersky report detailed only stalkerware infections on Android devices, most commercial stalkerware products today also offer monitoring clients for iOS, Windows, macOS, and even Linux.

These questionable apps, despite not being outlawed, are becoming more popular by the day, since they cater to the darker side of human nature -- feeding on an abuser's insecurities and need to know.

Cases of rampant abuse have come to light over the past few years, when stalkerware companies have been hacked or have left servers exposed online, leaking customer data.

Twelve such leaks have been recorded so far, as documented by Motherboard in its When Spies Come Home series: Retina-X (twice), FlexiSpy, Mobistealth, Spy Master Pro, SpyHuman, Spyfone, TheTruthSpy, Family Orbit, mSpy, Copy9, and Xnore.

These leaks exposed cases of abusive men or women spying on current or former partners, bosses secretly keeping an eye on employees' private conversations, parents spying on kids' internet browsing habits and photos, and more.

Such leaks have shown that besides the abuser, a victim's data is also hosted by and accessible to the stalkerware companies' employees, and in some cases, to the entire internet, when these companies fail to secure their servers.

Furthermore, these leaks also show that the arguments some of these stalkerware firms have been making are blatant lies, with the leaks showing that abuse happens more often than not.

Stalkerware to get special treatment from Kaspersky

In a press release today, following the publication of its report about the commercial stalkerware landscape, Kaspersky said that its Android antivirus will now deal with stalkerware in a new and more transparent way.

"There is no need to prove the negative effects that commercial spyware brings, as its initial concept is completely unethical," Kaspersky said. "Despite all the findings listed above, most cybersecurity vendors still don't detect commercial spyware as a threat due to vague legal positioning on commercial surveillance."

The company plans to show a special alert whenever its product finds a known stalkerware app installed on a user's device, so the user will be fully aware of the stalkerware app's full capabilities.

The role of this new alert, Kaspersky says, is to raise awareness of the danger that the user might be in.

Kaspersky stalkerware privacy alert
Image: Kaspersky Lab
