The Hidden Threat: Unveiling the Shocking Truth About Stalkerware Detection on Android
In a recent eye-opening study, the Electronic Frontier Foundation (EFF) and AV-Comparatives have exposed a disturbing reality: Android's built-in security tool, Google Play Protect, is failing to detect the majority of stalkerware apps. This revelation sends chills down the spine of anyone concerned about digital privacy and safety.
The tests, conducted in late 2025, revealed a stark contrast in the effectiveness of various antivirus apps. While some vendors have made commendable strides, others still leave Android users vulnerable to insidious digital surveillance and abuse. This is especially concerning given the covert nature of stalkerware, which often masquerades as legitimate parental control or employee monitoring tools.
The Dark Side of Stalkerware
Stalkerware enables the sinister practice of covert surveillance, allowing perpetrators to monitor a victim's every move: from text messages and calls to their location, photos, and app usage. Its use is disturbingly common in intimate partner abuse cases, where the abuser gains physical access to the victim's device, installs the spyware, and then hides it, sending collected data to a remote server. The spyware often resists uninstallation, leaving the victim unaware of the invasion of their privacy.
The companies behind these tools exploit legal loopholes, selling software that may be lawful in some jurisdictions but is generally illegal to install without consent. While vendors claim to include disclaimers suggesting the buyer inform the device owner, the software is designed to operate stealthily, leaving victims in the dark.
Previous breaches, such as those involving SpyX, Cocospy, and Spyic, have exposed collected data to the public, adding a layer of complexity to the issue. These incidents highlight the broader cybersecurity implications and the urgent need for effective detection and protection against stalkerware.
Google Play Protect's Failure
The joint study by EFF and AV-Comparatives evaluated 13 leading mobile security products against 17 real-world stalkerware samples. The results were startling: Malwarebytes emerged as the only solution capable of detecting 100% of the test cases. Bitdefender, ESET, Kaspersky, and McAfee closely followed, each achieving a 94% detection rate. However, Google Play Protect, Android's default security solution, detected a mere 53% of samples, the lowest score among all tested products.
While the 2025 test showed improved detection rates compared to previous years, AV-Comparatives warns that generic threat labeling and inadequate user notifications are still prevalent. This means victims may remain unaware of the specific threat they face and how to respond safely. Many of the tested apps were found to be repackaged versions of the same underlying codebase, indicating a shrinking but persistent ecosystem.
Researchers suggest this decline in diversity could be due to regulatory pressure or the rise of physical trackers like Apple AirTags, which are increasingly used in stalking scenarios. The test not only measured detection rates but also evaluated how each product reported threats. Clear, contextual warnings are crucial for victims to understand the danger, yet many products failed to provide such explicit labels or explanations.
Only a few products explicitly identified threats as stalkerware or explained their capabilities. Notably, Kaspersky was the only app tested that warned users about the potential risk of immediate removal alerting the abuser, a critical safety consideration often overlooked.
The Risks of Inadequate Notification Channels
While none of the apps automatically removed stalkerware (a positive step to avoid retaliation), the lack of secure notification channels is a cause for concern. In situations where the abuser monitors the victim's screen activity, in-app alerts could inadvertently tip them off. This highlights the need for out-of-band alerts, such as email notifications, to ensure the victim's safety.
Protecting Yourself from Stalkerware Attacks
If you believe you are at risk of stalkerware attacks, it is crucial to consider using a mobile security app with proven detection capabilities. Relying solely on Android's default Play Protect system may leave you vulnerable. Stay informed, stay vigilant, and take control of your digital privacy and security.
Join the Conversation
What are your thoughts on this disturbing revelation? Do you think Android users should be more proactive in choosing security apps? Share your insights and experiences in the comments below. Let's spark a conversation and raise awareness about this critical issue.
