an illustration of two stick figures holding a large phone that has a red skull icon on it.

What is spyware and what can you do to stay protected?

What actually is spyware?

Spyware is a type of malicious software. It interferes with a device’s normal operation to collect information without alerting the user and sends it to another unauthorised entity.

Highly invasive spyware allows unlimited access to a device by default. It leaves little to no trace, so for the user it’s almost impossible to know what data was taken.

It can target any connected device: phones, computers and other devices that connect to the internet.

How does it work?

Spyware can infect a device when a user clicks on a malicious link or even without them doing anything.

The infection methods include:

1-click

The device is infected when the user clicks on a compromised link. Compromised links can be sent many different ways including via text, email or on social media platforms.

Zero-click

The device is infected without the user interacting with, or doing, anything.

What happens when your device gets infected?

Once a device is infected with highly invasive spyware, the operator has total access to the phone and can:

  • Track its location
  • Access conversations, even on end-to-end encrypted apps like Signal and Telegram
  • Access emails
  • Access contacts
  • Activate the microphone to listen to nearby conversations

Why does spyware even exist?

The surveillance industry develops spyware to bypass the increasingly strong security defences in computer, mobile devices and communication platforms. Surveillance operators want to compromise devices so they can access all the data stored there.

While spyware tools have been used for a long time, the increase in encryption after the Edward Snowden revelations in 2013 has made private data more difficult to collect by other surveillance methods. This has created a bigger demand for spyware.

Who uses spyware?

Law enforcement, military and intelligence agencies are the top users and clients of spyware and surveillance companies.

They may want to find out specific information like:

  • Someone’s whereabouts
  • A journalist’s sources
  • Details of protests being organised
  • Information someone may have on corruption
  • Evidence of criminal behaviour

Who are the people most commonly targeted with spyware?

Governments and companies say that these surveillance tools are only used to target ‘criminals and terrorists’.

But in reality, human rights activists, journalists and many others across the world have been unlawfully targeted with spyware.

What has spyware got to do with human rights? 

The unlawful use of spyware violates many human rights, like the right to privacy, and the rights to freedom of expression, opinion, assembly and association.

But spyware harms different people in different ways. Data can be weaponised and lead to more abuse, online and offline – especially for people who already face discrimination based on their identity. This abuse can take many forms, like blackmail, doxxing, cyber-stalking, harassment, and intimidation.

I’ve got nothing to hide, so this doesn’t affect me, right?

Think again.

Our research shows that activists and journalists who fear they are under surveillance will be less likely to speak out critically of their government or report on certain issues, for fear of being targeted and putting themselves, their sources and loved ones at risk.

This has an impact on all of us – the right to protest, and a free press reporting on issues that shape our lives, are key building blocks of any rights-respecting society.

What can people do to protect themselves from spyware?

It’s difficult to fully protect yourself from attacks, but here are some key essential digital security tips:

  • Keep your web browser and mobile operating system software updated.
  • Enable high security “Lockdown Mode” on Apple devices.
  • Be mindful of clicking links from strangers.
  • Pay attention to changes in devices’ functioning.
  • Using a reputable VPN can help prevent some forms of surveillance and censorship.
  • Change your Facebook privacy settings to existing friends, and evaluate new requests before accepting.
  • Visit Amnesty’s secure onion website, privately and anonymously, using the Tor network’s browser.

When governments and companies attack the people who are defending our rights, then we’re all at risk. That’s why we’re calling on countries around the world to ban all highly invasive spyware