Concerned a Domestic Abuser May Have Put Stalkerware on My Phone

jsmith50

Lurker
Recently, I’ve learned of a type of malware called stalkerware. Based on the fact that the domestic abuser sent GPS trackers via text message on two occasions over the past 1.5 years while I tried to get away from him and two other strange phone behaviors—my cell service being disconnected when I try to get away and weird website redirects (more on that below)—I believe there is stalkerware on my phone.

Three days ago, I noticed the website of a major retailer redirected to a different website. This was significant because it started happening within hours of me deleting a website documenting the domestic abuser’s abuse and social media links to the website, which had been online for over a month. On the website, I talked about a serious felony the domestic abuser is covering up.

The website in question is typically the first website I visit every day. It is a major retailer, and I check their daily deals. This is what happens: When I visit the website, which shows up as example.com in Firefox (replace example.com with a major retailer’s domain name), instead of redirecting to m.example.com, it redirects to m.com (not a valid website). I tried reinstalling Firefox on my phone, but it still happens. It does not occur in Chrome, however. When I try visiting example.com/directory, it redirects to m.com/directory. If I visit www.example.com (note the inclusion of the www), it properly redirects to m.example.com. Because it’s now been three days, I think you can rule out a domain propagation issue (which I never thought it was, given what I had done earlier that day).

These are my questions (answer as many as you can):
  1. How can I tell if there is stalkerware on my Android phone?
  2. If there is stalkerware on my phone, how can I remove it?
  3. How was the domestic abuser able to achieve putting stalkerware on my phone? (Note: Luckily, I don’t believe the domestic abuser ever had physical access to this phone, but he would have had physical access to previous phones I owned. Also note: When I traded in my previous phone due to fears of hacking, the domestic abuser insisted on having a private conversation with the Verizon employee at the store. Later, when the employee was having me delete the phone’s contents in Settings, he grabbed the phone out of my hands and checked a few boxes or something in Settings without me seeing what he was doing.)
  4. Was the aforementioned Verizon employee setting up a back door for the domestic abuser to use with my new phone?
  5. How can I avoid the domestic abuser putting stalkerware on my phone in the future?
  6. How can I fix the issue with the domain example.com redirecting to m.com?
  7. The last question is optional and more philosophical: How do I live my life normally again knowing the domestic abuser may be tracking my every move on my phone? I am scared to visit websites freely as I had done for decades.
Note: I am currently accessing this website via a public computer, so there may be significant delays between my replies. Know that your input is worth every second of your time to me. Just for the record, I am not involved in any illegal activity, so I think that rules out the NSA toying with me (which is not something I think they do, anyway).
 
1. malwarebytes is what you want:
https://www.malwarebytes.com/lp/sem...ueB1gmykidnu2h-hycXCvFHN3idOC1wRoC4BUQAvD_BwE

they have an android app you can install on your phone.

2. if there is malware then a hard reset will delete it.

3. malware can come by way of many means. basically it is an app that is downloaded and installed. sometimes they can come hidden when you download an app from the play store.

4. doubt a Verizon employee would do this. it is possible, but why would they do this? i have verizon and have the utmost respect for their technicians.

5. setup two step verification on all of your accounts where applicable and be cautious on what you download and install on your phone.

6. use a different browser. duckduckgo is a good one to use.

7. there is no way someone can do this. any tracking software will need to be installed. and the only way to do this is either by you installing it.....or a person will need access to your phone to install it.

soooooo.......like i said setup two step verification on all of your accounts. and either hard reset your device or get a brand new one. and relax.....maybe go get some help professionally. living your life scared is not living at all.

i hope this helps and good luck.
 
Throw away your current device, create a new Gmail account with brand new credentials, and move on.
This is based on the info you have provided.... But that's just me being paranoid.
Thank you. Unfortunately, the Gmail account I use is a really good one I got when I believe they were still in Beta. I want to keep using this account, if possible.

Why do you think I would need a new Google account? Are there any settings in the Google account I can check to make sure the account is safe?

Furthermore, do you really think a new device is necessary? See ocnbrze's post below, where he says a hard reset will get rid of malware. I guess I'm not sure how sophisticated malware can be in this regard.

Thank you so much!

I might respond in greater depth to your post later.

So as to not arouse suspicion, I’m thinking it might be better to do a hard reset of the device first and install anti-malware software later. Do you think this makes sense?

Do you think Norton 360 for Android would work as well? (Unfortunately, my Norton 360 account is shared with the domestic abuser, so this might not be a good idea.) Or would you recommend Malwarebytes? If I get Malwarebytes, will the free version work or should I download the version you pay for? I’ve heard the antivirus programs like Norton just find Windows security threats; are you sure Malwarebytes will detect stalkerware made for Android?

Thanks again so much to both of you for responding.
 
Definitely change your Google Account password and enable two-factor authentication

Yeh, that's not a good idea. Although quite frankly I think these so-called "security" things are basically snake-oil, and their main purpose is to part you from your $$$.
 
This is my second and last post for the day.

1. I just wanted to add another possibility for how there could be stalkerware on my phone, but I don’t think it’s very likely. I bought my current Android recently because I was concerned my previous phones were compromised by the domestic abuser. When I went to Best Buy to buy the new phone (a popular model), the sales associate said they only had one in stock, so I purchased it. When he brought it back, however, the box was not covered in shrink wrap, as I believe they usually are. He said that was all they had, and so I bought it because I felt pressured—like I had no other option. Is it possible this “new” phone was compromised with malware?

2. I have decided I will do a factory reset of the phone. My only concern is that I believe the domestic abuser is sophisticated enough to have stalkerware on my phone that will not be erased. Like I said, I don’t think they ever had physical access to my current Android phone, but I’m worried they may have done something in the settings of a previous phone or my Google account (not sure how that would work). I guess I just want to know if a factory reset will almost 100% stop the suspicious activity on my phone.

3. When I bought my current Android phone, I initially used the domestic abuser’s Wi-Fi network (he is the administrator). I am no longer using their Wi-Fi network, but rather the data plan. Is it possible spyware could have been installed by the domestic abuser over their Wi-Fi network when my phone was connected to it (again, not sure how that would work)?



I guess that's what I'm worried about, too. From personal experience, does anyone have any recommendations for good -- and preferably free -- anti-malware/stalkerware apps for Android? I know someone mentioned Malwarebytes. Is this about as good as it gets? Will the free version of Malwarebytes work just fine?
 
I hope you're not still living with this person.
It sounds like this is a situation that cannot be solved with software but rather with a change in living arrangements and a visit to the authorities.
 
1. i used to work at Best Buy and they do sell open box items, but they would have a special sku for that and would show up on your receipt. they would have also mentioned that to you. if they did not, then i would assume that it is ok. if anything you have 14 days to return it, i believe.

2. do a hard reset. it is slightly different and is a deeper clean than a factory reset. i do not know what phone you have but just google how to do a hard reset for your phone. it is usually a button combo of power and the volume buttons. and most things malicious will get wiped. anything sophisticated will need the physical phone and a computer. since you say that is not the case, then you should be fine with the hard reset.

3. again nothing can be installed via wifi unless you ok'd the download. no person can just hop onto your phone via wifi. something would have to be installed first and will need permission to access your phone. a popup will appear asking for said permission. so unless this happened and you ok'd it, you should be fine.

and malwarebytes is the best on the market. have not come across anything better.
 
Thank you. I am still living with the person, but I hope to move out sometime relatively soon. Of course, I’m worried I could still be tracked when I move out due to the potential stalkerware.


I’m not sure the authorities would be able to do much, do you? I mean, wouldn’t I need definite physical evidence for them to do anything about stalkerware?

Thanks so much again! My responses:

  1. I do respect anyone who works retail jobs; I’ve done it myself and know it’s not easy. However, I got a bad feeling about this sale at Best Buy. It was a high-pressure sales situation and I feel like I did something I wouldn’t normally have done. Unfortunately, I no longer have the receipt and it was months ago. I know I was charged for a brand new item.
  2. Wow, thanks. I take it this was critical information. I believe I have Android 11 and a Google Pixel 4a. Do you know if the instructions here will do what you are talking about? Link: https://www.hardreset.info/devices/google/google-pixel-4a/ It looks like the instructions at that link are for Android 10. Do you know if it will be the same in Android 11? If not, do you know where I can get instructions for Android 11 and the Pixel 4a? Could I just supplement the previous link with this link? Link: https://www.bestandroidos.com/how-to-hard-reset-android-11/
  3. This is a relief. I will still choose not to use Wi-Fi for the time being because the domestic abuser would be able to look at Wi-Fi logs at the very least. When you were talking about the popup at the end asking for permission, are you talking about a prompt to install an app, or are you talking about a popup giving the network administrator access to the phone?
 
I wasn't referring to what may be on your phone, but to the abuse. If that's really going on I'd think you would be best off to report it and possibly look for an order of protection. But I'm just speculating based on what you have posted and that is a matter far out of the scope of this discussion (or forum).
 
Well, I think I might have good news to report. Late yesterday afternoon, I tried going to example.com (the major retailer; see OP for more info) in Firefox again and this time the page loaded. This time, example.com redirected to www.example.com rather than m.com as it had been for the past week. Note also that it did not redirect to m.example.com, as I believe it had been before I started becoming concerned about this behavior. In fact, m.example.com is apparently no longer a valid website; it too redirects to www.example.com.

This leads me to believe perhaps there was nothing malicious ever going on with this behavior in Firefox. It appears the major retailer got rid of the m.example.com subdomain and is now just using their www version for mobile as well. Nevertheless, questions remain. 1) Why did example.com redirect to m.com only in Firefox (not Chrome) for the past week? 2) Why, earlier in the week, did www.example.com (note the “www”) redirect to m.example.com? I’m thinking the issue may be related to domain propagation or something similar, but I was looking for input. It was unfortunate that this strange behavior started happening within hours of deleting that incriminating information I had posted online about the domestic abuser.

With that said, do you think I should still go through with the hard reset? If not, I still found the replies here on Android Forums immensely helpful and it is very useful to know all this information for future reference. I hope other people who read this thread were helped as well. The fact remains I believe this domestic abuser is doing things with my phone—such as cutting off the cell service (I’m on a family plan) and sending GPS trackers via text message (perhaps I will post about the GPS trackers in another thread)—and I want to do everything I can to ensure they will not be able to monitor me or control my access to the cellular network.

It should also probably be noted again that I don’t believe the domestic abuser ever had physical access to my current device. So do you think I should still go through with the hard reset? And is it possible there is some kind of setting/back door set up in my Google account or something else that allows the domestic abuser to infect new devices without physical access?

This is what I love about forums. Someone joins with questions they can’t have answered via any other viable means, and they get all the help they were looking for. Thank you so much to the people who have responded so far and to Android Forums. This is the best part of the internet.

Thank you. I think the authorities are already aware of my situation, but there is little they can do. I don’t think an order of protection is either necessary or desired at this point. I am, however, looking to move out on my own.
 
Have a look at the free NoRoot Firewall app in the PS.

This app allows you to allow or deny some or all wifi and / or data accesses on an app-by-app basis with wildcard support.

A great free little app I use the hell out of.
 
i would still do a hard reset, just to be cautious.....but that is up to you.

if you get your own account, you should have no worries as far as control of your network.

and if you setup two step verification, he would not have access to your google acct.

and i agree forums, especially this forum, can be great.

i'm hoping for the best for you........good luck and keep us posted.
 
Thanks. I appreciate the recommendation. That app may be useful later.

I understand a hard reset would be the safest option, but I think I’ll choose not to do it unless I notice more strange activity. As mentioned multiple times, I don’t believe the abuser ever had physical access to my Google Pixel 4a.

I did contact the retailer and confirmed that they transitioned from the m.example.com mobile site to a www.example.com mobile site the same day I noticed the website behavior in Firefox was fixed. One explanation for the strange behavior was they had set up a permanent (HTTP 301) redirect from m.example.com to m.com that cached in Firefox on my device. However, this doesn’t explain why the website worked in Chrome. Can anyone think of another benign explanation?

I take it by “[my] own account” you mean my own Verizon account. If so, I have had my own Verizon account at various points because of my fear of him monitoring my activity or suspending my cell access. I will look into it again soon, I hope.

I did set up two-step verification with my Google account shortly before I posted this thread. Does anyone know what would happen if I lost my cell phone and/or cell phone number? Would Google be able to let me in with other credentials, such as my backup email address? If I remember correctly, Google won’t let someone into an account with two-factor verification via the backup email address alone.

Thanks again.
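
One benign hypothesis for the redirects reported in this thread, as an added example that is not part of any post and not the retailer's actual configuration: a single server-side rule that swaps the leftmost host label for `m` reproduces all three reported mappings, while the intended "strip www, prepend m." rule does not. The rule names, the `https` scheme and the URL forms are assumptions built from the thread's `example.com` placeholder; the check says nothing about the Firefox/Chrome difference.

```python
"""Test candidate host-rewrite rules against the redirects reported in the thread."""
from urllib.parse import urlsplit, urlunsplit

# Constructed from the thread's description (example.com is the poster's placeholder).
OBSERVED = [
    ("https://example.com/", "https://m.com/"),
    ("https://example.com/directory", "https://m.com/directory"),
    ("https://www.example.com/", "https://m.example.com/"),
]


def prepend_m(host):
    """Hypothetical intended rule: drop an optional 'www.', then prepend 'm.'."""
    bare = host[4:] if host.startswith("www.") else host
    return "m." + bare


def swap_first_label(host):
    """Hypothetical buggy rule: replace the leftmost label with 'm'.

    Correct for www.example.com, but for the bare domain it eats the
    registrable name itself: example.com -> m.com.
    """
    first, dot, rest = host.partition(".")
    return "m." + rest if dot else host


def identity(host):
    """No rewrite at all (baseline)."""
    return host


RULES = {
    "prepend_m": prepend_m,
    "swap_first_label": swap_first_label,
    "identity": identity,
}


def apply_rule(rule, url):
    """Rewrite only the host of a URL, keeping scheme, path and query."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(netloc=rule(parts.hostname)))


def explain(observations, rules=RULES):
    """Map each rule name to the observations it fails to reproduce.

    Each miss is (requested, predicted, actually_seen).
    """
    report = {}
    for name, rule in rules.items():
        report[name] = [
            (src, apply_rule(rule, src), seen)
            for src, seen in observations
            if apply_rule(rule, src) != seen
        ]
    return report


def consistent_rules(observations, rules=RULES):
    """Names of the rules that reproduce every observation."""
    return [name for name, misses in explain(observations, rules).items() if not misses]


if __name__ == "__main__":
    for name, misses in explain(OBSERVED).items():
        print(f"{name}: {'matches all' if not misses else f'{len(misses)} mismatch(es)'}")
        for src, predicted, seen in misses:
            print(f"  {src}: rule gives {predicted}, thread reports {seen}")
```

A rule of this kind lives on the web server, so it would produce the same redirects for any device that requests the bare domain.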
 
Ok. This is an old post but i needed to explain something very obvious that others did not just in case you happen to read this several months later.

You keep talking about the various ways you could or couldn't have had your phone compromised but are ignoring so much. If he pays for the cell phone bill then he can have any access he wants to your texts, calls, and location if not more. You need to pay for your own phone service. Doing so will be the easiest way to secure your phone from the simplest way abusers access phones.

You also kept saying that he never had physical access to the phone but then go on to say that he had the phone in his possession. If you live with him and sleep in the same home then he has physical access to your phone. If you can view each character of your password as you're typing it & then it disappears a second later as you type the rest of the password? People can easily watch that and get the password or secretly record you unlocking your phone (keep in mind it's likely a 4 digit code so it's easier to do than you think.) If he can unlock the phone then he can install every single type of spyware app that exists and they could easily be able to remain after a reset. If you have biometrics such as fingerprint, he could use your finger when you're sleeping especially after a night of drinking or if you're a deep sleeper (abusers are mentally ill. The lengths they will go are not something that is easy for sane people to imagine.)
You basically keep allowing him access.
It's almost amazing how much research you probably put into figuring this all out yet it's literally probably an issue because you live with the abuser. He pays your bills. And you want to keep the same email and likely use that email to install backups which would include any old malicious apps the bf installed. So many vulnerabilities....
 