Android Stalkerware

Threat Overview

Stalkerware hides on mobile devices to monitor victims—often installed by someone with physical access. It captures GPS, SMS, photos, and messaging app content.

Attack Behavior

• Background GPS tracking
• Screen capture and keylogging
• Hidden launcher icons

Infection Methods

• Physical device access
• Social engineering to install "security" apps
• Abuse of enterprise MDM in coercive contexts

Symptoms & Indicators

• Battery drain
• Device warmth when idle
• Unknown admin or accessibility permissions

Immediate Mitigation

• Check device admin and accessibility settings
• Contact support organizations if in abusive situation
• Factory reset from trusted network if needed

Removal Guidance

• Remove device admin privileges
• Uninstall suspicious apps in safe mode
• Change all account passwords

Prevention Methods

• Use screen lock and biometrics
• Review installed apps regularly
• Privacy protection permission audits

Telemetry Indicators

• Accessibility service abuse
• Background location always-on
• Hidden app components