The Malware of Love
The app doesn't show up in the app drawer. It doesn't appear in the battery usage stats unless you know where to look. It silently uploads GPS coordinates, reads your messages, logs your calls. When you think your phone is yours, it isn't.
Millions of people are installing this on their partners' devices right now. They found it by searching "how to track my husband's phone" or clicking an ad that promises to "catch a cheating partner in minutes." The apps have heart logos. Some offer a free trial.
This is stalkerware—commercially available surveillance software designed to be invisible to its target—and it's one of the more honest products the app economy has ever shipped. It does exactly what it advertises. That's the problem.
The technical architecture is indistinguishable from state-sponsored spyware. Location harvesting, message interception, keylogging, silent photo uploads. The same capabilities that made NSO Group's Pegasus infamous when deployed by authoritarian governments are available for $29.99/month with a customer service line. The difference isn't the code. The difference is who's on the receiving end of the report.
Domestic violence organizations have spent years documenting what happens downstream of a stalkerware install. The surveillance creates a control loop: the watcher sees everything, the watched behaves "correctly" to avoid confrontation, the watcher escalates monitoring when behavior deviates. It's a feedback mechanism that tightens. The technology doesn't cause the abuse—but it industrializes it. What used to require physical proximity or social pressure can now be automated and run 24/7 from anywhere.
Apple and Google officially prohibit apps that hide their presence from device owners. The enforcement is uneven at best. The stalkerware ecosystem survives through semantic creativity: "family safety apps," "parental monitoring tools," "relationship accountability software." The distinction between a parental control app and a stalkerware suite is increasingly a matter of marketing copy, not functionality. Both can read your texts. Only one is marketed with a picture of a couple.
The part that's technically interesting—in the most depressing sense—is how much work goes into making these apps hard to find. Clean uninstall pathways that delete evidence. Obfuscated process names. Battery optimization exceptions. Someone engineered the experience of not being found. That's not a parental monitoring product. That's a covert operation with a Stripe checkout page.
Zack Whittaker at 404 Media has been tracking this ecosystem for years. The scale is always worse than the last estimate. Millions of active installs. The surveillance is not theoretical.
The AI angle is already here in some products: behavioral pattern analysis, anomaly detection, automated alerts when "unusual activity" occurs. The tools to surveil a partner are about to get dramatically better, cheaper, and easier to use. The app stores will update their policies. The developers will update their obfuscation.
The phone in your pocket knows everything about you. The question was always who else gets to know it.
i · sources
source · 404 Media — stalkerware on partners phones, Zack Whittaker
threaded with
- beat · Tech
The Camera They Can't Quit
Dayton put trash bags over its Flock cameras — not because they broke, but because the contract says you cannot just leave. This is what surveillance vendor lock-in looks like at street level.
today
- beat · Tech
The School Deepfakes Ate
A $250 app from the App Store. Five victims. One harassment charge. Every institution in Radnor's deepfake chain made a defensible choice. Together they produced nothing.
yesterday
- beat · Tech
The Lobotomized Companion
Character.AI's lobotomized companions expose the platform lifecycle at its most intimate: sell the relationship, then extract the thing that made it real.
2 days ago