The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry By Christopher Parsons, Adam Molnar, Jakub Dalek, Jeffrey Knockel, Miles Kenyon, Bennett Haselton, Cynthia Khoo, Ronald Deibert JUNE 2017 RESEARCH REPORT #119 THE PREDATOR IN YOUR POCKET A Multidisciplinary Assessment of the Stalkerware Application Industry By Christopher Parsons, Adam Molnar, Jakub Dalek, Jeffrey Knockel, Miles Kenyon, Bennett Haselton, Cynthia Khoo, and Ronald Deibert Research report #119 June 2019 This page is deliberately left blank Copyright © 2019 Citizen Lab, “The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry,” by Christopher Parsons, Adam Molnar, Jakub Dalek, Jeffrey Knockel, Miles Kenyon, Bennett Haselton, Cynthia Khoo, and Ronald Deibert. Licensed under the Creative Commons BY-SA 4.0 (Attribution-ShareAlike Licence) Electronic version first published by the Citizen Lab in 2019. This work can be accessed through https://citizenlab.ca. Citizen Lab engages in research that investigates the intersection of digital technologies, law, and human rights. Document Version: 1.2 The Creative Commons Attribution-ShareAlike 4.0 license under which this report is licensed lets you freely copy, distribute, remix, transform, and build on it, as long as you: • give appropriate credit; • indicate whether you made changes; and • use and link to the same CC BY-SA 4.0 licence. However, any rights in excerpts reproduced in this report remain with their respective authors; and any rights in brand and product names and associated logos remain with their respective owners. Uses of these that are protected by copyright or trademark rights require the rightsholder’s prior written agreement. iii Do you need help? If you are in immediate danger, call 9-1-1 or your local emergency police department. A Canada-wide directory of victim services, shelters, and other local organizations is available at the following web address: http://www.justice.gc.ca/eng/cj-jp/victims-victimes/vsd-rsv/sch-rch.aspx The Government of Canada maintains a list of information related to family violence, including a list of the specific resources available in provinces or territories, here: http://www.justice.gc.ca/eng/cj-jp/fv-vf/help-aide.html If you are concerned about your digital security or believe your device has been or is likely to become compromised, see the list of digital security guides and resources provided at the end of this report, in Appendix B. This report does not provide legal advice. The intended audience of this report includes legal professionals, educators, technologists, social workers, journalists, and advocates in Canada. It is provided for general information purposes only, and it is not legal advice or a substitute for legal advice. Information contained in this report is accurate and current to the best of our knowledge on the date that it was published, but readers should be aware that the laws, their application, and court processes can change frequently and sometimes without notice. Anyone dealing with the legal issues discussed in this report is strongly encouraged to meet with a lawyer to review their rights, options, and legal obligations. Any use made of the information contained in this report is not the responsibility of the authors and does not create a client relationship with either the authors or the Citizen Lab. iv The Citizen Lab, Munk School of Global Affairs and Public Policy, University of Toronto The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security. The Citizen Lab uses a “mixed methods” approach to research combining practices from political science, law, computer science, and area studies. Its research includes investigating digital espionage against civil society, documenting Internet filtering and other technologies and practices that impact freedom of expression online, analyzing privacy, security, and information controls of popular applications, and examining transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities. About the Authors Authors are listed in the order that their writing appears in the report. Christopher Parsons is currently a Senior Research Associate at the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University of Toronto, as well as the Managing Director of the Telecom Transparency Project at the Citizen Lab. He received his Bachelor’s and Master’s degrees from the University of Guelph, and his Ph.D from the University of Victoria. Adam Molnar is currently a Lecturer at Deakin University (Australia) in the Department of Criminology and is a Visiting Professor at the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University of Toronto. On 1 July, 2019, he will be Assistant Professor in the Department of Sociology and Legal Studies at the University of Waterloo. He received his Bachelor’s from York University (Toronto), and his Master’s and Ph.D from the University of Victoria. Jakub Dalek is a Researcher at the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University Of Toronto. He received his Bachelor's from the University of Toronto. v Jeffrey Knockel is a Postdoctoral Fellow at the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University of Toronto. He has used reverse engineering techniques to study how digital technologies affect people’s freedom to communicate on the Internet in multiple peer-reviewed studies. Miles Kenyon is a Communications Specialist at the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University of Toronto. He received his Bachelor’s from the University of Toronto and his Bachelor of Journalism from the University of King’s College (Halifax). Bennett Haselton is a contractor for the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University of Toronto, and a developer for Psiphon, a maker of Internet anti-censorship software. He has been publishing research on Internet blocking and monitoring software since 1996. He also works as an Internet security researcher based in Seattle. Cynthia Khoo is a Research Fellow and former Google Policy Fellow at the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University of Toronto. She is a digital rights lawyer called to the Bar of Ontario, and completing the LL.M. (Concentration in Law and Technology) at the University of Ottawa, where she interned at the Canadian Internet Policy and Public Interest Clinic. She received her J.D. from the University of Victoria. Ronald Deibert is a Professor of Political Science, and Director of the Citizen Lab, in the Munk School of Global Affairs & Public Policy with the University of Toronto. He received his Master's from Queen's University and his Ph.D from the University of British Columbia. In 2013 he was appointed to the Order of Ontario. vi Acknowledgements The authors would like to extend their thanks and gratitude to a number of people who have provided support, feedback, and insights over the course of researching and writing this report, including (in alphabetical order): Siena Anstis, Suzie Dunn, Lara Fullenwieder, Maya Ganesh, Lex Gill, Diarmaid Harkin, Pam Hrick, Tamir Israel, Etienne Maynier, Petr Novak, Kate Robertson, Erica Vowles, and Rhiannon Wong. The design of this document is by Mari Zhou. We are also grateful to the individuals who gave us the opportunity to share early versions of this of this research during the Citizen Lab Summer Institute on Monitoring Internet Openness and Rights (Munk School of Global Affairs & Public Policy, University of Toronto). Finally, the authors would like to offer our sincere thanks to Open Society Foundations, John D. and Catherine T. MacArthur Foundation, Ford Foundation, the Sigrid Rausing Trust, the Oak Foundation, the Australian Communications Consumer Action Network (ACCAN), as well as the Office of the Privacy Commissioner of Canada’s Contributions Program, whose generous funding made this report possible. vii Corrections and Questions Please send all questions and corrections to the authors directly at: [email protected] [email protected] [email protected] Suggested Citation Christopher Parsons, Adam Molnar, Jakub Dalek, Jeffrey Knockel, Miles Kenyon, Bennett Haselton, Cynthia Khoo, Ron Deibert. “The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry,” Citizen Lab Research Report No. 119, University of Toronto, June 2019. viii Contents Information Boxes xi Table of Acronyms xii Executive Summary 1 Introduction 8 Part 1 - Background and Literature Review 14 1.1 What is Stalkerware 16 1.2 Case Selection 18 1.3 Stalkerware Capabilities 20 1.4 Domestic Violence, Gendered Surveillance, and Privacy 21 1.5 Technical Assessments of Software Products 26 1.6 Assessments of Corporate Marketing 29 1.7 Corporate Policy Assessments 31 1.8 Legal Evaluation of Products 33 Section 2: Technical Assessment of Stalkerware 35 2.1 Case Study Selection 36 2.2 Technical Assessments 37 2.2.1 Network Activity 37 2.2.2 Measuring Protection from Commercial Anti-Virus