Categories
cybersecurity stalkerware

Using Traced to stay protected from stalkerware

The Traced app is purpose-built to protect you from apps that spy on you, known as stalkerware. Stalking apps are normally installed on your phone in secret, by somebody who knows you. They allow that person to stalk you by tracking your location, watching what you type, listening to your microphone and even looking through your camera, whenever they like.

Traced watches out for stalkerware in four different ways:

1. When it’s installed

Traced detects suspicious apps when they’re installed. 

To get around Google’s rules for what’s allowed on the Play Store, stalkerware apps are sometimes branded as “family trackers” or “employee trackers”. Once the apps are on your phone they try to hide and may use dull, functional names like “Wi-Fi” so they don’t draw attention to themselves.

Stalkerware doesn’t have to come from the Play Store at all though – it can be installed in other ways too (we’ve written more about those in our article on how stalkerware gets on your phone).

Traced alerts you if a suspicious app is installed and displays it in your Events Timeline.

Figure 1 – Events Timeline showing a high-risk install event
Figure 2 – The high risk app install of “Wi-Fi” (the stalkerware app) from an non-trusted source (not the Google Play Store)

2. When it uses your camera or microphone

Traced knows which apps have permission to use your camera and microphone and it detects when they are used.

Because lots of applications use the camera legitimately, the Traced app also looks at the context in which the camera is being used and makes a decision about whether it was done with your approval.

If Traced believes the camera access was not consensual (as in the case of stalkerware), it raises the risk of that event and alerts you to it.

Figure 3 – Risky camera access detected. Remember that “Wi-Fi” here is the name of a stalkerware app.

3. If Google Play Protect is turned off

When stalkerware is installed it will often get the person installing it  to turn off Android’s built-in antivirus, Google Play Protect services.

The Traced app makes an entry in your Event Timeline whenever the Google Play Protect service is turned on or off, and it alerts you in Device Protection when it’s turned off.

Figure 5 – Turning off Google Play Protect is a high risk event

4. When risky apps access your location

Because it’s very difficult to detect which app is accessing your phone’s location, and lots of legitimate apps do it all the time, the best thing to do is to turn off the ones you don’t need.

Traced helps you to do this by adding an entry to your Event Timeline when your location is tracked. You can click on the entry to see which apps with access to your location were running at the time.

We suggest you don’t let any apps access your location, apart from the ones you know you’re happy to share it with. You can do this in the Traced app by clicking on the app in question, clicking Change permissions and then turning the location permission off.

Figure 6 – list of apps with access to your location, including stalkerware called “Wi-Fi”.

Need help?

We always like to hear feedback from ours users. If you have anything think we should explain further, add to the app, or write about in the future, do let us know.

Leave a Reply

Your email address will not be published.