Contact
More about DataExpert

News

Using spy apps in interpersonal crimes

This month, an Australian man has been charged with creating and selling spyware used for domestic violence and child abuse. He had sold this software to more than 14,500 users from 128 countries, of which 443 were in the Netherlands. [1] An increase in spyware by as much as 55% has been reported since the outbreak of Covid-19.[2] It is seen as one of the top three threats to mobile security in 2022.[3] Many recent news stories have focused on the use of spyware in relation to national security, but spyware is also widely used on an interpersonal level, often in the form of spy apps. Spy apps are also known as stalking apps or clone apps and are applications that can be used to secretly track and monitor another device.[4] The European Parliament estimated in March 2021 that 1-3% of European women had been victims of cyberstalking in 2020[5]. In March 2022, the European Commission included cyberstalking in their proposal to combat domestic violence.[6]

This trend has also been noted by cyber security companies. In a survey by cyber security company Kaspersky with 21,000 participants from 21 countries, 64% of participants said they would consider using spy apps if they suspected their partner of cheating.[7] A NortonLifeLock survey found that 10% of their 2,000 survey participants said they had installed spy apps on their partners' phones to monitor their messages, phone calls, e-mails and photos.

Fig. 1: Global and regional detection figures Stalkerware [7]

Positioning of the apps
The spy apps are installed (hidden) on a phone and can contain various functions. For example, there are apps that are particularly suitable for keeping track of someone's location, apps that are mainly suitable for checking someone's search history (and receiving notifications for certain search terms), apps that are aimed at controlling the camera and/or microphone remote and apps that are primarily designed to read all incoming messages. More than half of the apps are marketed as an app that allows monitoring without the user of the phone noticing. 7 Many are also designed so that the app icon is not visible on the screen [8] or hidden as if it were a different app (such as a calculator).[9]

Many websites state that the apps are intended for 'concerned parents'. Parents may want to use these apps to track their child's phone usage because of their concerns. Another explanation for why it has been put this way may be that in many countries it is not allowed to install an app on an adult's device without permission, nor to read messages from another person without their explicit permission.[10] The grey area here is the device and messages from one's minor children. As long as the parent is the owner of the device, they have the right to install apps on it without the consent of the minor child. By marketing the apps for this, they maintain more distance from criminal applications of their product.[11] However, the websites of some apps do say that they are offered for use within a relationship.7 [12] So it seems that these apps are not only aware that their customers also use the apps on adults (without their consent), but also that they explicitly promote it.

This entails risks. In 2015, the maker of the app StealthGenie was convicted in the US. for advertising and selling this spy app. He had advertised the app saying that it could be used to monitor partners if they were suspected of cheating.[13] The USA has decided in this case that it is not enough to hold the persons who use this app to violate the privacy of others responsible, but that the creator and seller of this app also bears responsibility.[14] The strategy of most spy apps to stay within the legal grey area is to state on the website that customers are responsible for following the law when using the app, or by having customers fill out a form in which they indicate that they have permission from the person on whose device the spy app will be placed when purchasing the app. [15] However, this often contradicts their marketing that the apps can be used undetected and secretly.9

How the apps are used
This marketing is there for a reason. In October 2021, Ana Abaluhan and her friend Rayburn Cardenas Barron were both murdered by Ana's husband, Ali Abaluhan. Ali had shot them over a conversation he had heard between the two via a spy app he had installed on their daughter's iPad.[16] Several years earlier, Simon Gittany was convicted of the murder of his fiancée, Lisa Harnum. He allegedly killed her when he learned of her plans to flee from him using the StealthGenie app. He could have listened to a telephone conversation between Lisa and her mother and read the messages to her personal trainer that she wanted to flee the country.[17] These two cases illustrate how the use of spy apps can contribute to extreme violence. However, the use of these apps can be found in various crimes, ranging from identity fraud and stalking, to domestic violence (including partner abuse, child abuse and parent abuse), human trafficking, child pornography and blackmail.

To further find out who the users of spy apps are, Bellini, Tseng, McDonald, Greenstadt, McCoy, Ristenpart & Dell (2020)[18] analysed 556 forum posts on relationship and cheating forums about spying and tracking partners to look for patterns in behaviour. They found four recurring reasons that were mentioned for digitally monitoring their partner:

  • Gathering evidence of their partner's cheating.
  • Wanting to check if their partner is loyal.
  • Wanting to explain changing partner behaviour.
  • Wanting to check their partners devices/accounts.

These forums were used to ask and give advice to each other and to encourage others to digitally track their partner as well.[11]

Prevention
In view of the possibilities for application in interpersonal crime, prevention is important. Some forms of prevention would be to keep a close eye on who has access to your device and to set up a fingerprint scanner to prevent others from getting into your phone. Someone has also had access to your device if you got it from that person or if you sometimes leave your phone alone with this person, even if you think they don't know your password.[19] You can also keep track of which apps have GPS tracking or camera access enabled and try to limit that to only the necessary apps. There are also apps that can detect spy apps, but none of them have been shown to detect all spy apps.[20] In addition, downloading an anti-spy app can also trigger an alert to the person who installed the spy app. Tiny check is a no-download app specifically designed to detect spy apps without notifying the person behind the spy app, https://github.com/KasperskyLab/TinyCheck. A similar option is the Intimate partner violence spyware discovery (ISDi) application.[21] In addition, iOS has now developed a new Lockdown mode to prevent spy apps.[22]

These apps are designed to not stand out on a device, and many are also marketed as undetectable – unnoticeable. They will sometimes also appear in the app list under a different name; for instance, the mSpy app is listed as IPhoneInternalService on iOS devices and Update Service on Android devices. There are even apps that disguise themselves as a game on a device. To find out if there are spy apps on a phone, there are a few tell-tale signs to look out for, such as:

  • signs of more stress on the phone such as less storage space, a battery that drains faster or the phone overheating;
  • more mobile data usage;
  • and messages opened without the device user remembering doing so.

These are the first signs that may indicate the presence of spy apps on a device. In order to find out if there are actually any spy apps present, you can look at:

  • whether there are search terms in the browser history or in the Appstore or Playstore that are unfamiliar to the user of the phone;
  • whether there have been any changes in the settings where an app has permissions that should not be needed;
  • whether there is an unknown app among the processes on Android;
  • whether the virus scanner Play Protect of an Android device is disabled.

How to deal with as an investigating officer
The research by Bellini, Tseng, McDonald, Greenstadt, McCoy, Ristenpart & Dell (2020) found that spy apps were often installed in relationships after a phase in which rules were established within the relationship (e.g. no social media accounts or no watching pornography). Then came a phase in which a more negative attitude towards the partner was displayed (e.g. in language use and accusations). Then comes the escalation of exercising control, including in the form of spy apps. From this phase it is possible to proceed to the termination of a relationship, reflection (and regret) of the installer of the spy apps or an escalation of the control exercised, sometimes in the form of (extreme) violence.11 [23] If you recognise earlier phases in a victim, then it may be an idea to also look for the presence of spy apps.

If you find spy apps on devices of (possible) victims of a crime, it is important not to remove the app immediately or to restrict access to the app. This could endanger a potential victim should the person trying to spy on them find out that the victim is aware of this. Especially in cases where control is exercised on a victim, it is important not to do unexpected things, such that someone can possibly switch to other (violent) means of control at that time.[24] These victims are closely monitored and small changes in their behaviour can raise suspicions with the person behind the spy app. It is therefore safer to find an alternative way to be in contact with these victims. For example, it is possible to opt for written contact or appointments at 'neutral' locations that fit within the victim's standard pattern.[25] A victim will also need to document what is happening in an alternative way, such as the date and time, witnesses and evidence of incidents (e.g. photos, voicemails and screenshots). Tips for this can be found on this website: https://bcsth.ca/wp-content/uploads/2019/03/Section-1_1-Documentation-Tips-for-Women.pdf. The device can only be confiscated when the victim is safe, so this device (with spy app) cannot be taken to this safe location. The location can then be found. When taking the phone, it can be placed in a Faraday bag to block signals. For example, the person who installed the spy app does not immediately see where this phone is and it appears as though it is turned off.[26] This phone can then be examined to use the spy apps as evidence in a possible lawsuit.

More information
If you want to know more about spy apps: Since November 2019, there has been a coalition against Stalkerware consisting of 10 organisations, a combination of cyber security companies; domestic violence institutions; and digital activists. On their website, https://stopstalkerware.org/, they share tips for victims, IT and cyber security companies and media. They are supported in this by INTERPOL.1 For training courses, please visit https://www.work-with-perpetrators.eu/destalk. (Potential) victims can find checklists for their digital safety on https://refugetechsafety.org/. For scientific research you can visit https://www.ipvtechresearch.org/research, where studies on computer security and privacy for victims of intimate partner violence are published by a research group at Cornell Tech University in New York.

Sources
[1] https://thehackernews.com/2022/07/australian-hacker-charged-with-creating.html

[2] https://stopstalkerware.org/2021/04/23/interpol-supporting-coalition-against-stalkerware-to-fight-tech-enabled-abuse/

[3] https://thehackernews.com/2022/06/overview-of-top-mobile-security-threats.html

[4] https://stopstalkerware.org/information-for-survivors/#what-is

[5] https://www.europarl.europa.eu/RegData/etudes/STUD/2021/662621/EPRS_STU(2021)662621_EN.pdf

[6] https://stopstalkerware.org/2022/03/22/the-coalition-against-stalkerware-welcomes-the-inclusion-of-cyberstalking-and-cyber-harassment-in-the-new-european-commissions-proposal-on-combating-violence-against-women-and-domestic-violen/

[7] https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/04/12075509/EN_The-State-of-Stalkerware-2021.pdf

[8] https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418618

[9] https://nypost.com/2022/02/24/inside-network-of-spy-apps-that-secretly-track-and-monitor-thousands/

[10] https://www.gao.gov/assets/gao-16-317.pdf

[11] https://www.cnet.com/news/privacy/stalkerware-sees-all-and-us-laws-havent-stopped-its-spread/

[12] https://www.security.org/blog/tracking-or-stalking-the-dark-side-of-tracking-apps/

[13] https://www.justice.gov/opa/pr/pakistani-man-indicted-selling-stealthgenie-spyware-app

[14] https://www.wired.com/2014/10/stealthgenie-indictment/

[15] https://resources.infosecinstitute.com/topic/mobile-phone-spying-software-legality-symptoms-and-removal/

[16] https://www.sandiegouniontribune.com/news/courts/story/2022-01-24/tiktok-star-ali-abulaban-ordered-to-stand-trial-in-killing-of-wife-ana-man-in-east-village-high-rise

[17] https://www.news.com.au/national/crime/how-lisa-harnum-almost-escaped-her-deadly-romance/news-story/439de54a7a4a577d8fb9913a777c789c

[18] http://nixdell.com/papers/V4cscw210-belliniA.pdf

[19] http://nixdell.com/papers/stalkers-paradise-intimate.pdf

[20] https://stopstalkerware.org/2020/06/23/antiviruses-detect-stalkerware-more-effectively-than-before/

[21] https://gcn.com/cybersecurity/2019/09/how-a-mobile-spyware-scan-helps-free-abuse-victims/297610/

[22] https://thehackernews.com/2022/07/apples-new-lockdown-mode-protects.html

[23] http://www.smh.com.au/technology/technology-news/spywares-role-in-domestic-violence-20140321-358sj.html.

[24] https://lukesplace.ca/resources/tech-abuse/spyware/#:~:text=Spyware%20apps%2C%20when%20used%20to,against%20the%20person%20using%20them.

[25] https://www.ipvtechresearch.org/_files/ugd/884c63_60bad8c4a8e1421eaefef28f0ca5c70a.pdf

[26] https://webwereld.nl/nieuws/smartphones/faraday-kooi-voorkomt-wissen-mobieltjes-3739489/

This website uses cookies

We find it very important that you are aware of which cookies our website uses and for which purposes. We use Functional Cookies to make our website function properly. In addition, we use Analytics Cookies to analyze the use of our website. We also ask your permission for the placement of cookies from third parties (social media, advertising and analytics partners) with whom we share information. By clicking 'Accept', you accept the placement of the above mentioned cookies. If you click on 'Settings', you will be taken to a page where you can specify which cookies may and may not be placed. Click here for our Privacy Statement.