Digital violence against women
Who wants to check on his smartphone, for example, if the partner or an employee has secretly installed spyware on it, has bad cards. IT security expert Cian Heasley comes to this conclusion after a test with 13 spyware variants and the free antivirus apps seven well-known providers.
Heasley works for a cybersecurity firm in Edinburgh, and in his spare time "since the end of last year" has been working on spyware, also called stalkerware, as he writes in an e-mail to SPIEGEL.
Providers place legitimate usage scenarios in the foreground
The programs can inter alia record calls or passwords, monitor messenger apps and reveal the location, but are well hidden on the victim's device. (Read more about stalkware here.)
Many are officially offered as anti-theft or as a security measure for parents who want to know where their children are. But even the descriptions of some providers are unequivocally addressed to jealous partners and ex-partners, as Heasley documents. Occasionally, however, the mere functional description makes it clear that an app can also be used to illegally monitor others. Frequently, such programs are bought by men.
He has found 13 of these apps through simple Google searches like "Android spy" and "Android phone monitor" - a "somewhat unscientific method," he admits, also limited to Android versions. They include BlurSPY, Easy Logger, Hellospy, Hoverwatch, iKeyMonitor, LetMeSpy, Mobile Tracker Free, Shadow SPY, SpyHuman, Spyzie, TheTruthSpy, TrackView and Xnspy.
After installing and activating the apps on an Android smartphone, he ordered the free anti-malware solutions from Kaspersky, Malwarebytes, TrendMicro, McAfee, Avast, AVG (which also belongs to Avast) and Norton.
A blacklist with stalkerware would not be a purely technical decision
The best impression was made by Kaspersky and TrendMicro. Both only ever overlooked stalkerware, MalwareByte's three out of 13. Norton found five, Avast and AVG only four.
Nikolaos Chrysaidos, head of the Avast Mobile Threat Intelligence team, said on SPIEGEL's request, "Research like that of Cian Heasley is important, we looked at the apps and acted: users of Avast and AVG are now against the specific apps We also work to make the entire app families discoverable so that tomorrow's users will be protected from related applications from the same vendors. "
The worst result in the test of Heasley provided McAfee, the app found only a single spy program. When approached by Heasley, a manager from the company said there was some prospect of improvement.
Technically, it would not be complicated to discover the well-known apps. Heasley herself lists, among other things, her names and the names of her package files. A malware protection with a corresponding blacklist would immediately identify them unequivocally. Heasley explains this with different priorities for antivirus vendors - and "that many companies selling stalkware are trying to prioritize more legitimate usage scenarios."
Bad test results are "actually dangerous for those affected"
Classification as a malware would therefore be a matter of attitude rather than technology in such cases. "We need a consensus on where the limits of acceptable use of these apps are," says Heasley, "and be it in the form of antivirus company policies."
Anne Roth, Network Policy Officer of the Left Group in the Bundestag, has been working for a long time on the different forms of digital violence against women. She says, "The fact that companies are now beginning to label stalkware as malware is a step in the right direction, but it is of course annoying that many of these apps are not yet recognized - not only annoying, but actually dangerous for those affected, who do not suspect that and how detailed they are being monitored. "
But the problem should not be left to IT security companies alone, she concludes: "What is missing so far is a debate about whether it is really an acceptable business model for making money to support domestic violence by selling surveillance software. " The next step for Roth would be to get online payment service providers to stop processing payments for stalkerware - or to ban the distribution of such apps altogether.