Site navigation

The Spy Who Loved Me – How Apple are Failing Stalkerware Victims

Russel Kent-Payne


Russell Kent-Payne, Director at mobile security experts, Certo, explores Apple’s approach to stalkerware.

During their lifetime, one-in-five women and one-in-10 men in the United Kingdom will be victims of stalking. That means that they were the subject of someone’s obsession to a point where they feared for their own safety.

While the Crime Survey of England and Wales does not provide data for cyberstalking, evidence from the United States suggests one-in-four people report the use of technology as one of the main forms of stalking.

An obvious target for a stalker is their victim’s phone. Our phones store an incredible amount of information about us. What we do in our daily lives, locations we frequent, who we talk to, where we work, where we exercise, where we buy food, etc. The list goes on.

For someone with an obsession, getting access to a mobile device is like hitting the jackpot. Unfortunately, this has never been easier with the new class of cheap, easy to install spyware that is now available on the market for bargain-bin prices as low as £30.

It doesn’t take a computer science degree to hack someone’s device anymore. This simple-to-use software is commonly known as ‘stalkerware’ or sometimes ‘spouseware’, given its prevalent use in domestic abuse cases by violent partners and angry exes to track their victim’s phone activity, steal their personal information and track their location.

As a result of the increasing ease of implementing stalkerware, the Coalition Against Stalkerware, of which Certo is a member, was founded in late 2019. The aim of the coalition is to combat technology facilitated abuse.

It unites both organizations that work to end domestic violence and the IT security community in the fight against mobile stalkerware.

The main culprits

The two main providers of ‘spouseware’ are companies called FlexiSpy and mSpy. They describe the software they develop as a tool for families – e.g. parents wanting to keep an eye on their kids when they’re out and about.

However, while companies like FlexiSpy and mSpy state that their software shouldn’t be used on someone’s device without their permission, the research shows that this is overwhelmingly ignored by their users.

In fact, these companies seem to know this and have even been spotted advertising their software as a way to ‘catch a cheating spouse’ or something similar, and that’s where a lot of the problems begin to surface.

Once this type of software is installed on a victim’s device, the ‘hacker’ then has access to the text and chat messages, photos, videos, calendar, call logs and more.

Not only that, but the software can also record phone calls, video calls as well as logging everything typed using the keyboard including passwords to all online accounts, etc.

On top of all this, the hacker can completely hide any evidence of hacking from the victim. They would have absolutely no idea that their data is being stolen.

These companies aren’t the only two examples of spyware like this. There are over 25,000 examples of software that can perform similar functions available on the market – many of which can be downloaded from the official app stores.

Whilst Android is more susceptible to this type of software, iOS devices are by no means immune – and that’s where the real problem lies. Apple isn’t allowing iOS users to protect themselves.

You see, if you are on Android and you’re worried about this type of software getting onto your device, it’s simple enough to open up the Google Play Store and install some form of anti-spyware app.

But if you’re in Apple’s ecosystem you’ll find it much harder to protect yourself.



Apple doesn’t allow anti-spyware apps onto their App Store. Due to the way iOS devices work, Apple has made it impossible for these types of apps to exist.

Furthermore, Certo’s experience with the company has revealed that Apple goes so far as to not even allow the word “spyware” to appear within any security app, even in the context of protecting against the threat.

It’s long been the belief among many Apple users that their devices are ‘unhackable’ and Apple, it seems, is happy to let them think this.

However, there have been many reports of iPhone hacking in recent years, and it could be starting to affect users’ perception of just how secure iOS is.

It’s certainly strange that the most popular phone in the UK has no easy way for the user to check if someone has hacked their device.

Unfortunately, Apple isn’t showing signs of changing this any time soon, so we’ve written a list to help you know exactly what you can do to help prevent stalkerware finding its way onto your device.

Always keep iOS up to date

Most stalkerware relies on ‘hackers’ being able to bypass iOS security by exploiting vulnerabilities in out-of-date iOS versions.

Keeping the latest version of iOS on your device helps to reduce the likelihood of this type of software being installed on your device. It’s your main protection against this type of hacking.

Create a strong passcode for your device

A strong passcode ensures that only you know how to log into your device.

This is the first line of defence against someone looking to install malicious software onto your device.

Ensure two-factor authentication is enabled

Enabling two-factor authentication allows you to prevent someone accessing your personal information stored on iCloud, even if they know your AppleID credentials. This often includes a complete backup of your device which can be used to create a ‘clone’.

If you are worried that stalkerware or spyware may already be installed on your iPhone, then even though there aren’t any solutions available on the App Store, there are some non-App Store tools that can detect if you’ve been a victim of stalkerware.

Even if you’ve never been a victim of stalkerware yourself, it’s essential to arm yourself with the right knowledge to help prevent you or a friend/family member becoming a victim to this type of abuse in the future.

Russel Kent-Payne

Director, Certo

Latest News

Data Protection Editor's Picks
Digital Transformation Events
Cybersecurity Editor's Picks
%d bloggers like this: