Who stalks the stalkers? When it comes to Android security, stalkerware presents a double risk.

It’s common knowledge that mobile stalkerware undermines a target’s privacy. That’s kind of the point. A stalkerware incident often involves someone, such as a spouse, gaining physical access to someone’s smartphone and installing a monitoring app. They then use that software to remotely track what another person is doing on the device or spy on where they’re going.

What’s not so widely known is that stalkerware vendors don’t always code their apps correctly.

For instance, ESET found over 150 errors in 58 stalkerware Android apps. Those issues not only further compromised targets’ Android security and privacy, they also put the snoopers themselves at risk.

Read on to learn which weaknesses appeared most frequently in the apps surveyed.

Android Security Stalkerware Problems at a Glance

Out of the 158 issues ESET found, the most common type was insecure transmission of users’ personally identifiable information. This category accounted for 22 vulnerabilities, ranking higher than storing sensitive information on external media and exposing sensitive user information to unauthorized access, which account for 19 and 17 weaknesses, respectively.

The fourth most prevalent problem, at 17 weaknesses, was server leak of stalker information. ESET found that several stalkerware apps kept information about those using the app to track someone. It also stored a victim’s data on a server — even after the stalker requested that the service delete their information. That data might have included more information about the tracker in the event that they had an existing connection with the target.

Sometimes, victims’ information remained on a stalkerware service’s servers even after the snooper removed their account.

ESET reported the Android security and privacy issues to the stalkerware vendors as part of its 90-day responsible disclosure policy. As of reporting, only six responded by fixing the issues, while seven said that they were working on a fix. One vendor decided not to fix the reported issues; the rest didn’t respond.

The Growth of Stalkerware

ESET’s researchers also found that Android stalkerware detection increased by 48% between 2019 and 2020. This growth has continued into 2021. For example, Avast observed a 93% increase in the volume of spyware and stalkerware app detection over the first two months of the year. That’s compared to the same time period in 2020.

In response, some digital defense groups took action. For instance, the Coalition Against Stalkerware developed a standard definition of stalkerware, which encouraged research into the way it spreads. They also created TinyCheck for the purpose of detecting stalkerware apps, which can pose threats to Android security as well as to other brands of smart phones, in a more efficient manner.

How to Defend Against Stalkerware

The issues discussed above highlight the need for organizations to defend themselves against stalkerware. One of the ways they can do that is to educate their employees about what to look for. For example, smart phone users should delete unused apps and look for strange changes on their devices. In addition, never leave your devices unattended.

In the event organizations discover stalkerware installed on a connected device, they need to approach removal carefully. The best thing to do is to not notify the victim in a way that could be discovered on the compromised device. Instead, they should speak to the victim in person and proceed from there.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…