TinyCheck: A New Open-Source Tool Against Stalkerware
Kaspersky Lab has launched a portal dedicated to TinyCheck, an open-source tool designed to combat digital surveillance software, also known as stalkerware. Interestingly, this solution is not recommended for individual use. Currently, it is being tested by European law enforcement and judicial authorities, with plans to use the device during evidence collection to assist victims in the future.
The company notes that in Russia, one in five people (19%) have encountered digital surveillance, and half of them (52%) reported that the surveillance was conducted through special phone applications.
What Is TinyCheck?
TinyCheck is a free, open-source tool developed for non-profit organizations that work with victims of domestic violence and stalking. The newly launched website provides information about the latest developments and updates related to the solution.
Experts explain that the idea for TinyCheck emerged from a conversation between Kaspersky Lab and representatives of a French women’s shelter for victims of domestic violence. As the number of stalkerware victims grew, the organization struggled to address the issue from a technological standpoint. They needed an easy-to-use tool that could collect evidence against abusers and remain undetectable on the victim’s device. This led to the creation of TinyCheck in 2019.
“Stalkerware gives access to a wide range of personal data: browser search history, chats, social networks, and location. Using such programs poses a serious threat to privacy. We consider such invasions of personal life unacceptable. Kaspersky Lab became one of the founders of the international Coalition Against Stalkerware and a partner of the German research project DeStalk, which trains professionals who help victims of violence. Together, we developed TinyCheck and plan to further develop this direction, including with Russian NGOs,” says Maria Losyukova, Head of Sustainable Development Projects at Kaspersky Lab.
How TinyCheck Works
The solution is not installed on a smartphone but on a separate external device—a Raspberry Pi microcomputer. TinyCheck can monitor outgoing internet traffic, analyze it in real time, and detect connections to stalkerware command and control centers. Importantly, the person conducting the surveillance cannot detect that such a check is being performed.
The tool can work with any operating system and interacts only with online servers or IP addresses that the smartphone communicates with. It does not collect information about who the user is talking to or what is being discussed. Data from the analyzed device is not transmitted anywhere: neither Kaspersky Lab nor any other party has access to this information. All analysis is performed locally.
“Unlike the wide variety of stalkerware, there are not many detection tools available. For some mobile devices, such as iPhones, there are simply none. That’s why a hidden scanner for detecting stalkerware is necessary. The abuser should not know that the victim is trying to check for surveillance software on their device, as the consequences could be unpredictable. Kaspersky Lab has developed such a tool—a special scanner called TinyCheck,” comments Viktor Chebyshev, cybersecurity expert at Kaspersky Lab.