Kaspersky Lab has upgraded its Kaspersky Internet Security for Android with Privacy Alert – a new feature that warns users if their private information is being monitored via commercially available spyware.
While this kind of software is deemed to be legal, the program’s presence is often both unwanted by and unknown to the affected user.
In some cases, a program’s download page specifically states the software is intended to be used for secretly spying on the user. For this reason, Kaspersky Lab decided to introduce a special alert for such programs, enabling those affected to decide for themselves what they want to do about it.
Commercial spyware programs are background-running apps installed on phones, which can be used to monitor and track device activity. Although they are usually used to spy on partners or ex-partners, there is nothing to stop people using such programs to target specific individuals for malicious purposes, Kaspersky Lab said.
This is often done without the victim’s knowledge, leading to these types of programs being commonly referred to as ‘stalkerware’. While functionality varies, it often allows the person who installed it to access their victim’s device information, SMS messages, photographs, social media conversations, geolocation data and, in certain cases, to transfer audio and camera recordings in real time.
While installing stalkerware on someone else’s device requires physical access, it can be done quickly by downloading an app onto the phone from a distributor’s website. In 2018, Kaspersky Lab products detected stalkerware programs on 58,487 unique mobile devices – proving the severity of the threat.
While it seems hard to even imagine that such a blatant privacy invasion can be so common and easily accessible, stalkerware programs have been exposed and publicly criticised multiple times. Yet, in most countries their status remains vague.
In addition, Kaspersky Lab researchers have looked at the wider landscape for such software. The resulting report, ‘Beware of stalkerware’, features analysis of commercially available spyware, including the most popular consumer surveillance apps.
The research shows that alongside the obvious privacy invasion, such programs generally lack protection measures for the sensitive data being hijacked. For instance, five out of 10 stalkerware programs analysed had either experienced a data-breach or were found to be vulnerable to such attacks.
Analysts even discovered one vendor storing victim data files on a server with a critical security vulnerability, leaving the stored data accessible to all.
The study that Kaspersky Lab researchers performed also exposes the extent of the so-called stalkerware industry. Even programs that have been shut down, or at least claim to have been, continue to be marketed through official social media channels and offer franchise-like business models to buyers.
Kaspersky Lab has been flagging potentially harmful apps that are not malware – including adware and so-called legal spyware – for years, even creating a specific “not-a-virus” notification. However, as the problem of privacy abuse has increased, it decided to reevaluate how information about certain types of threats was being communicated to customers.
Kaspersky Lab advises handset owners to take the following steps to make sure they are not victims of digital stalking:
- Only install mobile applications from official app stores, such as Google Play
- Block the installation of programs from unknown sources in your smartphone’s settings
- Never disclose the password or passcode to your mobile device, even to someone you trust
- Never store unfamiliar files or applications on your device, as they could harm your privacy
- Change all security settings in your mobile device if you are leaving a relationship. An ex may attempt to acquire your personal information in order to manipulate you
- Get control of programs running in the background and disable suspicious activity