WomensLaw serves and supports all survivors, no matter their sex or gender.

Hotline

Technology (iphones, etc)

Info on spyware on computers/phone, how to find it, etc.

It’s often hard to know for sure when one’s computer and phone are being remotely accessed or if there is spyware on them. I consulted with a colleague on the Safety Net project here at the National Network to End Domestic Violence about abusers remotely accessing technology. While I can’t speak to your specific situation, here is some information on remote access and spyware.

Remote Access through Account Information Alone

There can be a few ways an abuser accesses technology. One thing to consider is whether the abuser is using spyware/stalkerware, or if the abuser has accessed a victim’s accounts or devices another way. Spyware or stalkerware is an app, software program, or device that enables another person (such as an abuser) to secretly monitor and record activity about another person’s computer or phone. The term ‘stalkerware’ is a more recent term that draws attention to the invasive, intrusive, and dangerous misuse of these tools. Spyware enables remote monitoring to facilitate surveillance, harassment, abuse, stalking, and/or violence, without the user’s consent. The software may be “hidden” on the device, and does not provide explicit and persistent notification that the software is installed. Spyware or stalkerware can be installed on a computer or smartphone. It is usually difficult to detect and remove.

Generally, the monitoring software can only be installed on cell-phones by someone who has the device’s account information or if they have physical access to the device. For instance, on an Apple product, an abuser may have to know the person’s Apple ID and password to install stalkerware.

In addition, spyware is difficult and hard to install on fully functioning devices, but it is becoming easier and easier. For example, it used to be the case that Apple devices like an iPhone had to be “jailbroken,” which means the device’s operating restrictions were modified by the user, for someone to install spyware - but now there is spyware like mSpy that can be installed on iPhones and does not require jailbreaking the phone.

The alternative to spyware is where an abuser may have accessed a victim’s usernames and passwords, and used them to login to the victim’s accounts. This would allow them to remotely monitor activity on the account. For instance, a user with Google Maps activated may be sharing their location with the account or app attached, which an abuser may remotely access using the account information. Having access to someone’s accounts can share information such as location, things they have downloaded, pictures and more. Quite often this form of tracking is passive, meaning that the information gathered is not in real time.

To find evidence of remote access, many apps/programs have an option in the privacy settings where you can see who has been accessing the account. This information might include time and date of the last access, the IP address and sometimes the operating system of the person who logged in. For example, here are some links for finding this option in the privacy settings for:

Information collected from access to an account may be more limited than information gathered from spyware. If someone is sure the abuser is not using remote access to an account or app to monitor them, but had complete access to their devices, this could be spyware.

Spyware or Stalkerware

If spyware has been installed on a computer or device, it is difficult to detect and remove. Generally, many victims suspect spyware on the computer because the abuser tends to know more than they should about what the person is doing on the computer or device. Spyware could be installed either by the abuser physically accessing the computer to install the program (on devices), or the person opened an attachment from the abuser and the spyware was accidentally installed (on computers). If someone believes there is spyware on their computer, they could take the computer to a computer expert. This could be a computer technician at a business like Geek Squad or a computer repair shop, for instance. They are usually more knowledgeable about computer viruses and “malware.” “Malware” is short for malicious software, which is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

The user can run anti-spyware software that could scan their computer for spyware and malware, but although it might catch some spyware/stalkerware, it will not catch all monitoring programs, since stalkerware is created to be undetected. Also, be aware that if there is computer monitoring software on someone’s computer, checking to see if the spyware is on there could alert the abuser that the spyware has been found.

In some situations, this could cause the abuse to escalate. It is extremely difficult to remove monitoring programs, so the safest solution is generally to either get a new computer or a new hard drive for the computer. If a victim is worried their computer is being monitored, it is often recommended to use a computer the abuser has not had access to, buy a new computer, or use a computer such as one at a library or coffee shop. When someone who suspects spyware/stalkerware gets a new computer, one key element to keeping that computer safe is to not copy any files from the cloud, or from backups of the old computer into the new computer in case the spyware re-installs itself. You can see more information about spyware at Safety Net.

Likewise, someone may want to consider that if they begin to use a new computer or device, it could inform the abusive person of changes. If may be safe for a victim to use the infected devices sparingly and document if any changes or problems occur.

[INCLUDE THIS IF SHE ASKS ABOUT SPYWARE ON A CELL PHONE: Cell phone stalkerware is also very difficult to detect, just like spyware on a computer. There is forensic software that can detect it, like Cellebrite, but it’s only available to law enforcement and forensic investigators. Alternatives for everyday people are in development. In the mean time, here are some resources for a person who might have hacked technology: the CETA website has some useful resources for tasks like detecting spyware/stalkerware or hidden apps. In particular, you can take a look at the Mobile Spyware Concern Tips Guide from CETA as well as their Tech Disconnect Form. [INCLUDE THIS ONLY IF IN NYC: You may want to reach out to the Cornell Clinic to End Tech Abuse to see if this is something they can do.] Sometimes local law enforcement might be able to help.

Also, Operation: Safe Escape can potentially do a more general assessment to figure out what might be going on and boost your digital security. A lot of that doesn’t necessarily require forensic investigation. This organization is all-volunteer and the logistics of arranging it are tricky, but it’s a possibility.

Here are some ways to detect if there is, in fact, spyware on a cell phone:

  • the abuser knows more than they should know—and the knowledge could only be gotten from phone conversations;
  • there is excessive usage/drain on the phone battery and data usage;
  • the abuser had access to the phone at some point in time. Cell phone spyware requires physical access to install unlike a spyware on a computer.

Sometimes, if an abuser has never had physical access to the phone, it may turn out that the knowledge that an abuser gains from cell phone usage may come not from spyware, but from the abuser going through the phone’s call logs, online accounts, billing records, etc. Changing an online billing password may help to stop this type of monitoring. You can learn more about cell phone safety on Safety Net’s website.

In general, if someone doesn’t necessarily suspect that there is spyware on a phone or computer but they just want peace of mind because they are worried that it could be something the abuser may do at some point in time, it is generally recommended that s/he run anti-virus/anti-spyware programs on the computer. In general, to lessen the possibilities that spyware could be installed, people should be suspicious of emails coming from an abuser and not open any attachments in those emails or messages. There are also anti-virus/security protection apps available for phones that can be downloaded. These apps may help protect the phone from viruses or malware. Also, when safe to do so, try and limit physical access to any devices. If possible, s/he can lock down the computer or phone with a password so it’s more difficult for someone to get into it. You can learn more about password safety on Safety Net’s website.