A Survivor-Centric, Trauma-Informed Approach to Stalkerware

Conference: BlackHat USA 2021



Stalkerware is a complex problem that requires a nuanced approach and understanding of the survivor's threat model. It is primarily an abuse problem, not a technical problem. Supporting survivors requires empowering them to make their own decisions and taking their concerns seriously.
  • Stalkerware is often a result of sharing credentials in an abusive relationship.
  • Removing stalkerware may not always be the safest option and can lead to escalation of abuse.
  • Survivors have different threat models and may not be able to follow standard security practices.
  • It is important to believe survivors and take their concerns seriously, but not to narrowly focus on stalkerware.
  • Empowering survivors to make their own decisions is crucial.
  • Product designers should consider the unintended consequences of their products and the threat model of intimate partner violence.
  • Building connections with advocacy groups can help in understanding and addressing the issue of stalkerware.
The speaker shared a story of a divorce case where one spouse had purchased commercial spyware to monitor the other spouse's activities, even though they had not lived together for months. The issue was not the technological sophistication of the spyware, but the sharing of an account on a desktop computer when the couple was still living together. This illustrates how stalkerware is often a result of sharing credentials in an abusive relationship.


Stalkerware is a type of spyware that is often used to surveil intimate partners or ex-partners. While it has been around for many years, its use has seen an uptick in recent years, with some studies suggesting a particular increase during the COVID-19 pandemic. Technically, stalkerware is not particularly interesting: it is (primarily mobile) spyware and technically on par with commercial malware. But stalkerware is part of a broader ecosystem of technology-enabled abuse and coercive control, and therefore, technical means play only a small part in addressing it.

In this presentation, we will explain what stalkerware is, how it works and under what pretense it is often marketed and sold. More importantly, we will explain that stalkerware is part of the much wider problem of technology-enabled abuse and coercive control, such as intimate partner violence (IPV), domestic abuse, harassment, stalking, sexual violence, and other forms of gender-based violence (GBV). A holistic understanding of abuse and coercive control and the psychological harms experienced by survivors is essential for anyone who may encounter stalkerware and similar forms of tech misuse and abuse in their professional or personal lives.

The presentation will conclude with suggestions on what individual security practitioners can do when they encounter stalkerware, as well as what the security industry can do about stalkerware and tech abuse in general.