Taking a look at the Coalition Against Stalkerware's ongoing work and achievements to date
Two years ago, the Coalition Against Stalkerware was founded by ten organizations. Today, Avast is one of more than 40 members, which include technology vendors, NGOs, academia, and police organizations from various countries. The goal of the coalition is to put a stop to domestic violence abuse and cyberstalking. In honor of the coalition’s recent second anniversary, we’d like to take a look at the international alliance’s ongoing work and achievements to date.
Jaya Baloo, Chief Information Security Officer at Avast, warns, “The growth in stalkerware and spyware poses a huge concern. Stalkerware is a form of tech abuse, an increasing threat which takes away the physical and online freedom of the victim. Usually installed secretly on mobile phones by so-called friends, jealous spouses and ex-partners, stalkerware tracks the physical location of the victim, monitors sites visited, phone calls and text messages, undermining a person’s online freedom and individual liberty.”
Avast has worked with a UK-based domestic violence charity, Refuge, to produce an online tool which helps detect abuse of IoT devices and provides a room-by-room collection of tips on how to secure these connected devices.
The Coalition Against Stalkerware has other useful resources, including a condensed fact sheet for stalkerware survivors. There are guidelines on how to decide if your devices have been compromised or if there are other ways an abusive partner is stalking your digital life. The fact sheet also contains important information on how to remove such software as well as links to organizations that provide additional support.
In the past month, the coalition has also developed an online training course designed to teach EU-based law enforcement and victim support staff how to deal with cyberstalking.
Formulating new solutions to combat stalkerware
The Women’s Service Network (WESNET) has been operating for more than a decade to train frontline social workers on how to better use technology and recognize cyberstalking. “Nearly all of our clients have experienced some form of tech-related abuse,” says WESNET CEO Karen Bentley. “The most common form is with various messaging apps.”
As a coalition member, WESNET has benefited from working with peers across the globe in terms of sharing stalkerware methods and working with others to create technical approaches to eliminating them. Bentley says, “It is great to help share practical solutions. We also have a better understanding of how stalkerware gets on your device and how to detect it.”
According to Bentley, the new versions of iOS and Android have both helped and hurt the victims of abuse. “While the newest versions have more granularity of control over your privacy and location services, it can be overwhelming to most people to try to find your way through the various menu settings, and most users don’t know about these features.”
Martijn Grooten, the coordinator of the coalition, agrees. “In general, the more modern the OS, the better the protections. And stalkerware is mostly an Android issue, because Android, by design, allows you to bypass built-in protections on your phone.” Not to mention the proliferation of stalkerware apps that masquerade as something else. In 2019, Avast mobile threat researchers identified and then worked to remove eight different stalkerware apps from the Google Play Store.
To avoid these compromises to your Android phone or tablet, check out this fact sheet of the various guidelines to assess whether a stalker has installed anything on your phone. If you are using an iOS device, such as an iPhone or iPad, there are better protections to prevent stalking, as well as resources to help you configure your device for the maximum privacy settings.
However, “the first rule of stalkerware is that often a stalkerware suspicion isn’t an issue on your phone,” Grooten said. “It could be through other means, such as using a shared password to a cloud backup or other account. It isn’t trivial to escape abusive relationships either.” Bentley concurs: “In Australia, government accounts such as health and child records are required to be shared between parents, which makes it difficult to tackle coercive control by an abusive partner or spouse. Some women have never had their name on their phone account, making it difficult to untangle their accounts.”
One issue for technologists is that the threat models for stalking are often the opposite of what has been developed to stop anonymous and unrelated hackers. “Cybersecurity in the past has focused on these use cases and doesn’t easily extend to a former partner that knows everything about you and your security practices, such as your mother’s maiden name – a question that is often used to authenticate you to your bank account,” Bentley said.
If you are involved in an abusive relationship, you should be more proactive about protecting your privacy and follow these seven basic steps, such as setting up a unique and unguessable lock screen password and disabling the Find My Phone feature.
As stated by Baloo, “We’re proud to be working with members of the coalition, to raise awareness of tech abuse, educate people on how to address it, and constantly to improve ways to prevent this threat.”