This guide is a part of a series that details how to collect evidence related to the misuse of technology in domestic violence, sexual assault, and stalking cases. Civil Systems. The series is part of a Legal Systems Toolkit that includes guides to assist prosecutors, law enforcement, and civil attorneys.
You can greatly assist survivors by giving the survivor the skills to gather the evidence themselves. Your participation in the process of gathering or storing evidence can lead to you being forced to testify in court, which can undermine confidentiality protections, and negatively impact both the survivor and the integrity of your program.
If you have questions, please contact Safety Net. Mobile devices hold intimate details of our lives and this single access point for information is usually a convenience. But for survivors of domestic violence, sexual violence, or stalking, an abusive person can misuse spyware to access a terrifying amount of information. This document includes information about how to identify a spyware case, how and where to look for evidence of spyware, and tips for gathering evidence. To install spyware on a mobile device, a person generally must have physical access to the device, or convince the user to install the software, often through deception.
For Apple products, devices will generally need to be jailbroken before these applications can be installed. While the Play Store for Androids does not allow applications to run covertly, the Android operating system does not enforce this requirement and spyware can be installed.
In addition to spyware applications that have a main purpose of remotely spying on someone, there are also applications that have legitimate purposes, but can be misused to access a device remotely or receive data from it. Dual-use applications may be purposefully downloaded by the user and they may not even be aware the abusive person has remote access to their device data through it.
There are also many applications with secondary features that share location data. Depending on what information the abusive person knows, it may be helpful to assess for the misuse of these types of apps as well. Though the use of spyware in domestic violence, sexual violence, and stalking cases has been well-documented for almost two-decades—first with computers and now with mobile devices—the methods used to monitor and collect information about survivors are often complex and may or may not include spyware.
It can be useful to start an investigation by considering all possible sources —including non-spyware options—for how an abusive person could be inappropriately obtaining information.
How do I identify if mobile spyware has been installed?
When a survivor is concerned that an abusive person knows too much information about them, tell them to trust their instincts. Ask about what information the abusive person seems to know and help them document behaviors and events to see if there is a pattern. For example, the abusive person might show up at places the same time as the survivor or may drop hints that they are collecting information about the survivor.
In one case, a survivor was looking at a particular pair of shoes online and shortly after the abusive person sent the survivor the exact URL and said they would look great on her. Hints, however, are not always so blatant. It is important to walk through experiences that have caused the survivor concern. Step 2 — Identify what information the abusive person is accessing. Identify each piece of information that the abusive person appears to have access to. If the survivor has gone to three different grocery stores and the abusive person has shown up each time, the abusive person may be accessing their real-time location through GPS.
The most common, non-technological explanation for an abusive person having too much information about a survivor is a friend or relative leaking the information. Friends or relatives might not understand the entire situation, and may unwittingly provide information.
Is there spyware on my phone? - TechSafety
Alternatively, someone may be spying on the survivor and purposefully reporting to the abusive person. Ask the survivor if any friends or relatives were privy to the information in question. Then, from that list of people, ask if any of them are or could be in contact with the abusive person. If so, the survivor may need to tell them to stop sharing information, or the survivor may need to stop sharing information with them. Step 4 — Consider everyday features and apps that contain the information.
An abusive person may inappropriately access information by misusing everyday features and apps used by the survivor. Ask the survivor where each piece of information may be stored. Is the work schedule in their email? Does the abusive person have access to the Find My iPhone feature? Knowing where the information is located will help narrow the focus in determining how the abusive person is getting the information. Step 5 — Consider information the survivor shares publicly.
Some survivors may unwittingly share private information through publicly accessible accounts, including social media. For example, they may have posted about their work shifts and not realized the privacy setting was set to public. It is important to understand what the survivor chooses to share about themselves and how. An online search for the survivor can be helpful. Identify what social media platforms are used and then identify what information is accessible or visible to the general public.
They may be posting publicly, rather than privately or the abusive person may be connected to a third-party who can see that activity. Help survivors review privacy settings so they can make informed choices about who has access to their information.
If no other leaks of information can be identified or if the abusive person knows too much without explanations, look for evidence of spyware. Normal use will avoid tipping off the abusive person of suspicions, allowing more time to collect evidence before it is destroyed. It is important to speak with survivors about the pros and cons of this strategy, as well as strategies to use their devices in more secure ways. Some people may feel safest getting rid of the device or doing a factory reset to try to rid of the spyware.
Evidence of spyware misuse can clearly demonstrate how the abusive person created an environment of fear and control. Unfortunately, useful evidence is not always properly sought out, is accidentally deleted, or is not collected properly. Luckily for the targets of those small-time spies, however, it turns out that consumer-grade snoopware is much, much shoddier than the professional variety. At the Defcon hacker conference this weekend, forensics expert and former Pentagon contractor Michael Robinson plans to give a talk on how to detect a range of commercial spyware, programs like MobileSpy and FlexiSpy that offer to let users manually install invisible software on targets' phones to track their location, read their text messages and listen in on their calls, often for hundreds of dollars in service fees.
Robinson tested five commercial spying tools on five different devices--four Android devices and an iPhone. In most cases, he found that uncovering the presence of those spyware tools is often just a matter of digging through a few subdirectories to find a telltale file--one that often even specifies identifying details of the person doing the spying.
- Please review our terms of service to complete your newsletter subscription.;
- how to track a stolen cell phone!
- How to Detect and Remove Spyware from Your iPhone?
- Popular Topics?
Here's a rundown of each of the tools and devices Robinson tested and the spyware giveaways he found. Though he used a collection of multi-thousand dollar forensic software--UFED Physical Analyzer, Microsystemation XRY and Paraben's Device Seizure--to find these clues, a user without those tools can check for the same evidence in most cases. I contacted all the companies that provided any sort of contact information and will update the story if I hear back from them. The only spyware that didn't present obvious clues visible to the average user was Spyera , running on an iPhone.
The real difficulty in detecting the software stemmed not from its stealthiness, but from the difficulty of accessing the file directory on an iOS device. One hint, however, is that Spyera requires the phone be jailbroken. So if the user can find evidence of jailbreaking such as the app Cydia or other tweaks to the OS, it may be a sign someone has tampered with the phone to allow spying.
brijcartmenka.tk When in doubt, simply restore the phone from a backup or upgrade its firmware to un-jailbreak it. And then try not to let your phone out of your sight.