HydraWatch All articles
Account Security & Privacy

Silent Tenant: How Stalkerware Colonizes Your Smartphone and What It Takes to Remove It

HydraWatch
Silent Tenant: How Stalkerware Colonizes Your Smartphone and What It Takes to Remove It

Your smartphone knows more about you than most people in your life. It holds your location history, your private conversations, your financial logins, and — if you have ever used it to record a video or take a photo — a window into the most intimate spaces of your home. For the overwhelming majority of Americans, that intimacy is protected by nothing more than a PIN code and the assumption that no one they trust would ever violate it.

That assumption is exactly what stalkerware is built to exploit.

What Stalkerware Actually Is

Stalkerware refers to a category of commercially marketed applications designed to run invisibly on a target's device, transmitting data to a remote operator without the target's knowledge or consent. Unlike enterprise mobile-device-management software — which is disclosed to employees and governed by workplace policy — stalkerware is engineered specifically to avoid detection. Its developers market it openly, often under euphemisms like "parental monitoring," "employee oversight," or "relationship transparency" tools, while simultaneously advertising its ability to remain hidden from the person being surveilled.

The capabilities these products offer are extensive. Depending on the application and the device's operating system, a stalkerware installation can silently harvest SMS and iMessage threads, log calls, capture keystrokes, record ambient audio through the microphone, activate the camera, extract photos, track real-time GPS location, monitor social media and dating app activity, and transmit all of it to a web dashboard accessible to the perpetrator from anywhere with an internet connection.

The targets are disproportionately intimate-partner violence survivors. A 2021 report by the Coalition Against Stalkerware found that the majority of confirmed stalkerware cases documented by domestic-violence organizations involved a current or former romantic partner as the perpetrator. The software is not a hacking tool in the traditional sense — it requires brief physical access to the unlocked device to install. That access is frequently available to abusers.

How These Applications Are Distributed and Disguised

On Android devices, stalkerware is typically distributed outside the Google Play Store through a process called sideloading — downloading an APK file directly from a vendor's website and enabling a device setting that permits installation from unknown sources. The perpetrator enables that setting, installs the application, disguises it under an innocuous icon (a calculator app is a common cover), and re-locks the setting before returning the phone.

Apple's iOS ecosystem is more restrictive, but not impenetrable. Some stalkerware vendors have exploited enterprise certificate programs — the same mechanism corporations use to distribute internal apps — to push their software onto iPhones. Others rely on iCloud credential theft: if an abuser obtains the victim's Apple ID and password, they can access iCloud backups and location-sharing features without ever touching the physical device. Jailbroken iPhones remain vulnerable to the full range of installation techniques available on Android.

Once installed, many stalkerware applications actively work to conceal themselves. They suppress their icon from the application drawer, exclude themselves from battery-usage statistics, and in some cases disable notifications that would reveal their network activity. Some variants intercept and delete the SMS confirmation messages that certain monitoring services send to the device being watched.

Warning Signs Your Device May Be Compromised

No single indicator is definitive, but a cluster of the following symptoms warrants serious attention.

Unexplained battery drain. Applications that continuously harvest data, activate the microphone, or ping GPS coordinates consume power at rates inconsistent with normal standby behavior. If your battery life has degraded sharply without a corresponding change in your own usage, that is worth investigating.

Elevated data consumption. Stalkerware must transmit what it collects. Check your device's cellular data usage breakdown — on both Android and iOS, the settings menu lists data consumption by application. An unfamiliar process consuming significant data in the background is a red flag.

Unfamiliar applications or processes. On Android, navigate to Settings > Apps and review every entry, including those with generic or system-sounding names. On iOS, review your installed profiles under Settings > General > VPN & Device Management; any profile you did not install yourself is suspicious.

Unusual device warmth during idle periods. Continuous background processing generates heat. A phone that feels warm when it has been sitting untouched may be doing more than you authorized.

A partner who seems to know things they shouldn't. This is perhaps the most significant warning sign of all — if someone in your life consistently demonstrates knowledge of conversations, locations, or plans they had no legitimate way of knowing, technology-facilitated surveillance should be among the explanations you consider.

The Legal Gray Zone — and How the FTC Is Responding

Stalkerware vendors have long operated in a regulatory no-man's-land. The products themselves are legal to sell in most US jurisdictions; what is illegal is deploying them against someone without consent. Vendors have historically exploited this distinction, arguing that their software is intended for lawful monitoring use cases while discavowing responsibility for how customers actually employ it.

Federal regulators have grown increasingly impatient with that argument. In 2021, the Federal Trade Commission took action against SpyFone and its CEO, Scott Zuckerman, issuing a ban that prohibited the company from operating in the surveillance industry and required it to notify victims whose data had been compromised. In 2023, the FTC followed with a similar action against Support King, the operator of SpyPhone, and later against Surveillance Technologies — each case reinforcing the agency's position that covert surveillance products are inherently deceptive and harmful regardless of their stated marketing purpose.

At the state level, laws vary considerably. Several states have amended their wiretapping or computer-fraud statutes to explicitly cover covert device monitoring, but enforcement remains inconsistent, and civil remedies for victims are often difficult to pursue.

Removing Stalkerware Safely — and Why Caution Matters

This is the step most guidance underemphasizes: removing stalkerware carelessly can escalate danger. If an abuser loses visibility into a victim's device without warning, the loss of that surveillance capability may itself provoke a violent response. Safety planning should precede any technical remediation.

Contact a domestic-violence resource first. The National Domestic Violence Hotline (1-800-799-7233) has staff trained in technology-facilitated abuse and can help you think through safety considerations before you take any action on your device. The Coalition Against Stalkerware (stopstalkerware.org) maintains a directory of support organizations with specific digital-safety expertise.

Use a separate, trusted device for research. Do not search for information about stalkerware removal on the device you believe is compromised. Use a friend's phone, a library computer, or a device the perpetrator has never had access to.

Consider a factory reset or device replacement. The most reliable way to remove stalkerware from an Android device is a full factory reset, which wipes all installed applications. For iPhone users, a full restore through iTunes or Finder — not an iCloud restore, which could reintroduce the compromise — is the equivalent step. If circumstances allow, replacing the device entirely eliminates residual risk.

Change credentials from a clean device. After remediation, change every password and revoke connected sessions from a device you trust. Enable two-factor authentication on accounts that support it, and audit which applications and services have location-sharing enabled.

Preserve evidence if you intend to pursue legal action. Before wiping the device, consult with a domestic-violence advocate or attorney about whether documentation of the stalkerware installation could support a protective order or criminal complaint. Photographs of suspicious applications, data-usage anomalies, or device profiles may be relevant.

A Closing Note on the Broader Ecosystem

Stalkerware does not exist in isolation. It is one instrument within a broader pattern of coercive control — one that has become dramatically more capable as smartphones have become the central repositories of human life. The vendors who build and sell these products profit from that intimacy, and from the legal ambiguity that has historically shielded them.

Regulatory enforcement is tightening, but it has not yet caught up with the scale of the problem. For now, awareness remains the most accessible line of defense: knowing what stalkerware looks like, recognizing its behavioral signatures, and understanding that help exists before, during, and after the process of removing it.

All articles

Related Articles

Connected and Compromised: The Hidden Threat Lurking on Every Public Wireless Network You Trust

Connected and Compromised: The Hidden Threat Lurking on Every Public Wireless Network You Trust

Permanent Damage: Why a Breach at Your DNA Testing Company Is Unlike Any Hack You Have Ever Survived

Permanent Damage: Why a Breach at Your DNA Testing Company Is Unlike Any Hack You Have Ever Survived

Logged In Without a Password: The Underground Trade in Stolen Session Cookies That Renders Your Credentials Irrelevant

Logged In Without a Password: The Underground Trade in Stolen Session Cookies That Renders Your Credentials Irrelevant