Intimate partner violence (IPV) is a disturbing form of abuse that occurs in romantic relationships, more commonly affecting female partners.
IPV can range from emotional abuse or stalking to recurring and severe violent episodes over an extended period, with both short- and long-term effects on the victim's physical and mental health.
Unfortunately, easy access to IPV tools including stalkerware apps, is contributing to the perpetuation of such behaviors.
Our study identified 83 stalkerware apps and websites available online. Invasive capabilities offered by 58 of these apps were enumerated and experimentally verified to clearly identify the severe privacy risks posed by them. Additionally, 125 well-known third-party web services that also help run the IPV ecosystem were identified. The report also highlights 46 vulnerabilities across 29 apps, including broken authentication mechanisms, insecure storage of sensitive data, and other attack vectors exploitable by external attackers.