The latest Kaspersky State of Stalkerware 2023 report reveals almost 31,000 mobile users worldwide were subjected to stalkerware, clandestine surveillance software utilized by domestic abusers to monitor their victims. But it’s not just stalkerware software that is a problem, 40% of surveyed people worldwide stated they have experienced stalking or suspected being stalked.
Stalkerware typically masquerades as legitimate anti-theft or parental control apps on smartphones, tablets, and computers, but in reality, they are very different. Installed – usually without consent and notification of the person being tracked – they provide a perpetrator with the means to gain control over a victim’s life. Stalkerware capabilities vary depending on the application.
The State of Stalkerware is an annual report by Kaspersky which aims to provide a better understanding of the globally number of people affected by digital stalking. In 2023, Kaspersky data reveals 31,031 unique individuals around the world were affected by stalkerware, an almost six percent year-on-year increase (5.8%) increase of the 29,312 users affected in 2022. The figures reverse the downward trend of 2021, confirming digital stalking continues to be a global problem.
According to the Kaspersky Security Network, in 2023, users in Russia (9,890), Brazil (4,186), and India (2,492) were the top three countries most affected. Iran entered the top five in the previous year and remains. When compared to 2021, the top 10 affected countries have changed little. While Germany dropped from seven to 10, Saudi Ariba (ranked eighth in 2022) is not most affected this year.
Country | Affected users | |
1 | Russian Federation | 9,890 |
2 | Brazil | 4,186 |
3 | India | 2,492 |
4 | Iran | 1,578 |
5 | Turkey | 1,063 |
6 | Indonesia | 871 |
7 | United States of America | 799 |
8 | Yemen | 624 |
9 | Mexico | 592 |
10 | Germany | 577 |
Table 1 – Top 10 countries most affected by stalkerware in the world in 2023
Stalking and violence – offline and online
The spectrum of abuse is diverse, with over one-third (39%) of respondents worldwide reporting experiences of violence or abuse from a current or previous partner. Of those questioned for the report, 23% of people worldwide revealed they have encountered some form of online stalking from someone they were recently dating. Furthermore, overall 40% reported experiencing stalking or suspecting being stalked.
On the other side, 12% admitted to installing or setting parameters on their partner’s phone, while nine percent acknowledged pressuring their partner to install monitoring apps. Nevertheless, the notion of monitoring a partner without their awareness is disapproved by the majority of individuals (54%), reflecting a prevailing sentiment against such behaviour. Regarding attitudes toward consensually monitoring a partner’s online activities, 45 percent of respondents express disapproval, highlighting the significance of privacy rights. Conversely, 27 percent support full transparency in relationships, viewing consensual monitoring as appropriate, while 12 percent deem it acceptable only when mutual agreement is reached.
“These findings highlight the delicate balance individuals strike between intimacy and safeguarding personal information. It’s positive to observe increased caution, especially regarding sensitive data like security device passwords. The reluctance to share such critical access aligns with cybersecurity principles. The willingness to share streaming service passwords and photos signifies a cultural shift, though individuals should recognize potential risks even in seemingly innocuous information sharing. These insights underscore the importance of fostering open communication within relationships, establishing clear boundaries, and promoting digital literacy. For security professionals, it reinforces the need for ongoing education on cybersecurity best practices and empowering individuals to make informed decisions about sharing personal information within relationships,” said David Emm, security and data privacy expert at Kaspersky.
The fight against stalkerware needs partnerships
In most countries around the world, use of stalkerware software is currently not prohibited but installing such an application on another individual’s smartphone without their consent is illegal and punishable. However, it is the perpetrator who will be held responsible, not the developer of the application. Along with other related technologies, stalkerware is one element of tech-enabled abuse and often used in abusive relationships.
Erica Olsen, Senior Director, Safety Net Project, National Network to End Domestic Violence (NNEDV) commented on the report: “This report highlights both the prevalence of stalking behavior perpetrated with technology and the related perceptions on privacy within intimate partner relationships. The use of stalkerware or any tool to monitor someone else without their consent is a violation of privacy and a common tactic of abuse. This report demonstrates how abusive individuals use a wide range of monitoring tactics, including both stalkerware and other applications that facilitate the sharing of personal information.
The report also explored the norms and perspectives on privacy within intimate partner relationships. A significant portion of respondents reported they would willingly share some information, whether for safety reasons or otherwise. A small percentage, 4%, stated they reluctantly agreed to monitoring at their partner’s insistence – this is not the same as consent. It’s important to create a clear distinction between consensual sharing and non-consensual monitoring. Consent is agreement free of force or coercion.”
Commenting on the report findings, Emma Pickering, Head of Technology-Facilitated Abuse and Economic Empowerment Team at Refuge said: “The statistics highlighted in this report are really concerning, but we are sadly not surprised. Here at Refuge, we are seeing an alarming increase in survivors reporting concerns relating to stalkerware. As these statistics reveal, the issue of stalkerware is a widespread concern.
It is likely that we are seeing this due to an increase in stalkerware features within parental monitoring Apps making the ability to stalk ever more accessible. While we are actively looking for stalkerware that is intended towards monitoring your ex-partner there are many other forms of stalkerware available that is aimed towards an audience who download the Apps without understanding the full features, or to be used for other nefarious reasons.
It is also very important to note that we rarely see any form of tech abuse used in isolation. Alongside stalkerware, abusers are often misusing other forms of technology to cause harm and distress. This is why we should always ensure, as agencies, we are completing a detailed tech assessment and supporting survivors to regain access to all accounts and devices. For this reason it is imperative that we continue to work together with the wider tech community to understand the technology being used, to try to prevent it being used for harm and to try and build in safety by design collaboratively.
Sadly, we recognise that for many survivors setting passwords on devices or not sharing the device or password is not a luxury they are afforded. We do advise if anyone is concerned, to always use a safe device to make contact with an agency for support, and that for any sensitive conversations, emails or searches, that they do not conduct these on the device that they are worried may being monitored.”
Stalkerware is foremost not a technical problem, but an expression of a problem which requires action from all sections of society. Kaspersky is not only actively committed to protecting users from this threat but also maintaining a multilevel dialogue with non-profit organizations, and industry, research and public agencies around the world to work together on solutions that tackle the issue.
In 2019, Kaspersky was the first cybersecurity company in the industry to develop a new attention-grabbing alert that clearly notifies users if stalkerware is found on their device. While Kaspersky’s solutions have been flagging potentially harmful apps that are not malware – including stalkerware – for many years, the new notifications function alerts the user to the fact that an app has been found on their device that may be able to spy on them.
As this is part of a wider problem, Kaspersky is working with relevant experts and organizations in the field of domestic violence, ranging from victim support services and perpetrator programs through to research and government agencies, to share knowledge and support professionals and victims alike.
In 2019, Kaspersky also co-founded the Coalition Against Stalkerware, an international working group against stalkerware and domestic violence that brings together private IT companies, NGOs, research institutions, and law enforcement agencies working to combat cyberstalking and help victims of online abuse. Through a consortium of more than 40 organizations, stakeholders can share expertise and work together to solve the problem of online violence. In addition, the Coalition’s website, which is available in seven different languages, provides victims with help and guidance in case they may suspect stalkerware is present on their devices.