The ultimate guide to finding and killing spyware and stalkerware on your smartphone

Surveillance isn't just the purview of nation-states and government agencies -- sometimes, it is closer to home.

Our digital selves, more and more, are becoming part of our full identity. The emails we send, the conversations we have over social media -- both private and public -- as well as photos we share, the videos we watch, and the websites we visit all contribute to our digital forms.

As mobile devices are now a common tool for social interactions, it is not just ad agencies, data miners, and surveillance-hungry powers that want to keep track of us.

When a government agency, country, or cybercriminals decide to peek into our digital lives, there are generally ways to prevent them from doing so. Virtual private networks (VPNs), end-to-end encryption and using browsers that do not track user activity are all common methods.

Sometimes, however, surveillance is more difficult to detect -- and closer to home.

This guide will run through what spyware is, what the warning signs of infection are, and how to remove such pestilence from your mobile devices.

For those with little time, check out the abridged version below:

Nuisanceware

At the bottom of the pile, you have nuisanceware, which often comes in software bundles together with legitimate, free programs. Also known as Potentially Unwanted Programs (PUP), this sort of software may interrupt your web browsing with pop-ups, change your homepage settings by force, and may also gather your browsing data in order to sell it off to advertising agencies and networks.

Although considered malvertising, these kinds of software are generally not dangerous or a threat to your core privacy and security.

Spyware and stalkerware

Spyware and so-called "stalkerware," however, is far more so.

These types of unethical software can result in victims being spied on, the theft of data including images and video, and may allow operators -- whether fully-fledged cybercriminals or your nearest and dearest -- to monitor emails, SMS and MMS messages sent and received, intercept live calls for the purpose of eavesdropping across standard telephone lines or Voice over IP (VoIP) applications, and more.

Stalkerware is the next step up in spying and has become an established term in its own right, coined after a series of investigations conducted by Motherboard.

Whereas spyware rarely singles out individuals, unless it is in the hands of law enforcement or unscrupulous government agencies, stalkerware is generally perceived as software that anyone can buy, in order to spy on those closest to them.

This can include the stalkerware stealing images and text messages, eavesdropping on phone calls and covertly recording conversations made over the Internet.

Stalkerware may be able to also intercept app communications made through Skype, Facebook, WhatsApp, and iMessage.

Both terms, spyware and stalkerware, relate to similar malicious software functions. However, the latter is deemed more personal in use.

In order to avoid potential legal issues and alienating clients, many spyware solutions providers will market their offerings as services for parents seeking a way to monitor their child's mobile device usage. However, anyone willing to pay for the software can acquire it.

Retina-X, makers of PhoneSheriff, marketed their spyware software solution, for example, as "parental control for mobile."

PhoneSheriff, developed for the Google Android operating system, permitted location monitoring via GPS, records calls, text messages, and logs websites visited. The spyware was also able to block contacts, websites, and apps.

The company, which also developed TeenShield, SniperSpy, and Mobile Spy, closed its doors last year after a hacktivist said they would "burn them to the ground," as the hacker deemed the business immoral.

When these types of software are used at home, there are few reasons why which do not lean towards unacceptable behavior, practices, and toxic relationships. A common reason reported for the use of such software is a lack of trust between partners, for example, and a wish to catch someone in the act of cheating.

With the evolution of technology, so too has domestic abuse changed. Sometimes, stalkerware is used to monitor partners and spouses covertly, or occasionally with the full knowledge of the victim.

Spyware and stalkerware are found less commonly in the enterprise although some software solutions are marketed for companies to keep track of employee mobile devices and their activities.

The lines here can be blurry, but if a mobile device belongs to a company and is used by a staff member in full knowledge that it is tracked or monitored, then this can be considered acceptable. The staff members may then keep their private lives, social media, and emails on their own smartphone or tablet and off company property.

What kinds of spyware and stalkerware apps are still out there?

-SpyPhone Android Rec Pro: This £143 spyware claims to offer "full control" over a smartphone's functions, including listening in to the background noise of calls and recording them in their entirety; intercepting and sending copies of SMS and MMS messages sent from the victim's phone, sending activity reports to the user's email address, and more.

-FlexiSpy: One of the most well-known forms of stalkerware out there is FlexiSpy, which markets itself using the slogan: "It takes complete control of the device, letting you know everything, no matter where you are."

FlexiSpy is able to monitor both Android smartphones and PCs and is willing to deliver a device with the malware pre-installed to users. The spyware is able to listen in on calls, spy on apps including Facebook, Viber, and WhatsApp, turn on the infected device's microphone covertly, record Android VoIP calls, exfiltrate content such as photos, and intercept both SMS messages and emails.

screen-shot-2018-09-05-at-16-49-41.png

-mSpy: Another stalkerware app which markets itself as a service for parents, mSpy for the iPhone allows users to monitor SMS messages, phone calls, GPS locations, apps including Snapchat & WhatsApp, and also includes a keylogger to record every keystroke made.

-PhoneSpector: Designed for both Android and iOS handsets, PhoneSpector claims to offer "undetectable remote access."

While a disclaimer says that the service is designed for parents and businesses seeking to track company-owned devices used by employees only, the implementation of the software is made through common tactics used by malware and phishing campaigns.

"All you have to do is text or email the OTA (over-the-air) link to the target device and our automated system will set up data transfer protocol and the necessary info for you to monitor the device," the company proclaims. "Just tap a few buttons, then login to your online account! You can be viewing texts, calls, GPS and more within a few short minutes!"

Spyera, SpyBubble, Android Spy, and Mobistealth are a few more examples of stalkerware which offer similar features, among many, many more which are in what has become a booming business.

It is also worth noting at this stage that you can be tracked by legitimate software which has been abused. Whether or not GPS is turned on, some information recovery apps and services designed to track down a handset in the case of loss or theft can be turned against victims to track their location instead.

How do spyware and stalkerware become installed on to a device?

Spyware and stalkerware need to find a way to infiltrate a victim's mobile device. Most of the time, this is simply done by installing the software on to the device physically, thus giving the app all the permissions it needs at the same time.

However, there are also remote options which do not need physical access. These versions will use the same tactics of cybercriminals -- a link or email attachment sent together with its malicious package.

CNET: Best Home Security Cameras for 2018

The warning signs

If you find yourself the recipient of odd or unusual social media messages, text messages, or emails, this may be a warning sign and you should delete them without clicking on any links or downloading any files.

Should stalkers employ this tactic, they need you to respond to it. There's no magic button to send spyware over the air; instead, physical access or the accidental installation of spyware by the victim is necessary.

In the case of potential physical tampering, it can take mere minutes for spyware to be installed on a device. If your mobile or laptop goes missing and reappears with different settings or changes that you do not recognize, this may be an indicator of compromise.

How do I know when I'm being monitored?

In one case of mobile stalking, I was asked how, if you suspected or knew that your phone had been tampered with, it is possible to find out the truth -- and whether there was a way to remove spyware from a smartphone without the other party knowing.

Surveillance software is becoming more sophisticated as time wears on and can be difficult to detect. However, not all forms of spyware and stalkerware are invisible and it is sometimes possible to find out if you are being monitored.

Android: A giveaway on an Android device is a setting which allows apps to be downloaded and installed outside of the official Google Play Store. If enabled, this may indicate tampering and jailbreaking without consent.

This setting is found in modern Android builds in Settings - > Security - > allow unknown sources. (This varies depending on device and vendor).

You can also go to Settings - > Apps to check installed software, but there is no guarantee that spyware will show up on the list.

Some forms of spyware will also use generic names in an attempt to avoid detection. If a process or app comes up on the list you are not familar with, a quick search online may help you ascertain whether it is legitimate.

iOS: iOS devices, unless jailbroken, are generally harder to install with malware. However, the presence of an app called Cydia, which is a package manager that enables users to install software packages on a jailbroken device, may indicate tampering unless you knowingly downloaded the software yourself.

If you think your PC may have been infiltrated, check below:

Windows: On Windows machines, double-checking installed program lists -- possible through the start bar -- and running processes under "Task Manager" may help you identify suspicious programs.

Mac: On Apple Mac machines, you can do the same by clicking "Launchpad," "Other," and "Activity Monitor" to check the status of running programs. You can also reach Activity Monitor quickly through Spotlight.

An antivirus scan is also a recommended way to remove spyware and PUP.

Also: Android malware gets sneaky TechRepublic

In the cases of Android and iOS devices, you may also experience unexpected battery drain, as well as unexpected or strange behavior from the device operating system or apps -- but in the latter case, many users of stalkerware will try not to play their hand.

As with most things in life, trust your instincts. If you think something is wrong, it probably is -- and you should take steps to seize control of the situation.

How can I remove spyware from my device?

This is where things get difficult. By design, spyware and stalkerware is hard to detect and can be just as hard to remove. It is not impossible but may take some drastic steps on your part.

When removed, especially in the case of stalkerware, some operators will receive an alert warning them that the victim device is clean. In addition, should the flow of information suddenly cease, this is a clear indicator that the malicious software has been eradicated.

- Run a malware scan: On both mobile and PC there is a variety of mobile antivirus solutions available which may be able to detect and remove basic forms of spyware. This is the easiest solution available but may not prove effective in every case.

-Change all of your passwords, enable two-factor authentication (2FA): If you suspect underhanded dealings and account compromise, change every password on every important account you have.

Many of us have one or two 'central' accounts, such as an email address, which will act as a hub for other accounts and password recovery. Begin there.

Enabling 2FA, in which account activity and logins require further consent from a mobile device, can also help protect individual accounts.

-Update your OS: It may seem obvious, but when an operating system releases a new version which often comes with security patches and upgrades, this can -- if you're lucky -- cause conflict and problems with spyware. In the same way as antivirus solutions, keep this updated.

-Protect your device physically: A PIN code, pattern, or enabling biometrics can protect your mobile device from future tampering.

See also: Meet the malware which hijacks your browser and redirects you to fake pages

Removal of different brands:

-FlexiSpy removal: FlexiSpy may masquerade on Android devices under the name "SyncManager." If you find this app on your phone, try to uninstall it directly, and then restart your phone. However, it may also appear under another generic name, and so before deleting any apps, perform a search on the app name first.

-mSpy: To remove mSpy, instructions are here as long as you have physical access to the device. On the iPhone, you need to access Cydia, search "Installed" and look for "IphoneInternalService." Press modify and remove. Additional options to try are explained here.

-If all else fails, factory reset: Performing a factory reset and clean install on the device you believe is compromised may help eradicate some forms of spyware and stalkerware. However, make sure you remember to backup important content first.

Unfortunately, some stalkerware services claim to survive factory resets -- although this cannot be verified for all kinds of spyware. So, failing all of that, consider throwing your device in the nearest recycling bin and starting afresh.

Surveillance without consent is unethical and in domestic situations causes a severe imbalance in power. If your sixth sense says something is wrong, listen to it.

A physical object is not worth sacrificing your privacy for and so should your device become unsalvageable, take back control of your right to privacy -- whether or not this means replacing your handset entirely.

Previous and related coverage