Leaving your abuser - don't let them track you by your mobile
Victims of domestic violence who are leaving abusive relationships and seeking refuge will often unwittingly lead abusers to their location via mobile phones. Mobiles can track the victim if the phone is registered to the abuser, if they have access to the victim’s Google or iPhone online account, or if surveillance software/app has been put on the phone.
Today’s smart/Internet phones all have an online account. Abusers can access a victim’s online account either because it is registered in their name, because they know/guess the person’s login details, or because they set-up the phone’s online account in their name.
What is the threat? The abuser can:
- See the phone's location
- Lock the phone
- Delete the phone’s data
- Download apps onto the phone
All Apple phones and most Androids have a “find my phone” application which would allow an abuser to:
- See the phone’s location
- Turn on the microphone and listen to conversations
- Send flash texts
How do they access the online account?
If the phone is registered in the abuser’s name then they are entitled to access that phone’s online details. It is the phone that is registered, not the SIM, so changing the SIM won’t help. If the phone is registered to the abuser, the victim will have to get a new phone.
If the phone is registered to the victim don’t assume it is safe. You should assume anyone escaping an abusive relationship has a compromised phone. That is because most abusers would have already compromised the account before the person left.
How do they compromise the account?
It is much easier to access someone's online account than most people think. Victims who have recently left their abusive partners are likely to have had most of their online accounts compromised including the mobile account.
If they shared a computer and it is running a Mozilla browser, then all the saved passwords are accessible within two clicks. Abusers may simply know, or can easily guess, what password the victim uses or they may have put spy software on a computer or mobile. All of these methods are very common.
Even if the victim changes their passwords they often use passwords that are easy for perpetrators to guess. That is because we naturally chose passwords that are easy for us to remember. Unfortunately the most memorable passwords are often personal things that an ex-partner can guess.
What should victims do so they are not tracked to a refuge or a safe place?
If the phone is registered to the abuser
- Save all contact information to the SIM and back up the rest.
- Buy a new phone and restore the saved data onto the phone.
If the phone is registered to the victim
- Delete any "find my phone" apps and any other apps you don’t recognise
- Disable geo-location services
- Disable data services
- Immediately change your password and set-up two step authentication.
After you are safe – clean the phone to remove surveillance software or apps
- Clean the mobile phone by backing up all the data
- Do a factory reset
- Manually (not automatic) reinstall the data – it is important not to reinstall any app or software the victim did not put on their phone themselves. If in doubt don’t reinstall it.