IPV Spyware Discovery (ISDi) Tool
Checks Android or iOS devices for apps used to surveil or track victims ("stalkerware", "spouseware", "spyware"). ISDi's technical details are included in "Clinical Computer Security for Victims of Intimate Partner Violence" (USENIX 2019). The blacklist is based on apps crawled in "The Spyware Used in Intimate Partner Violence" (IEEE S&P 2018).
Also checks for signs of jailbroken iOS devices or rooted Android devices.
Right now, ISDi currently only natively supports macOS and Linux. If you are using a Windows device, you can use the Windows Subsystem for Linux 2 (WSL2), which can be installed by following these instructions. After this, follow the remaining instructions as a Linux user would, cloning/running ISDi inside the Linux container of your choice.
You will need Python 3.6 or higher (check by running
python3in your Terminal and see what happens). On macOS, you can get this by running the following commands in your Terminal application:
xcode-select --install(installs developer tools); followed by
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"to get Brew (a software package manager); finally,
brew install pythonto get Python 3.6+.
pip3 install -r requirements.txtin the base directory of this repository to get the required Python modules.
Miscellaneous System dependencies
Install ADB for your operating system (via https://developer.android.com/studio/releases/platform-tools.html). On macOS, try
brew cask install android-platform-tools. On Debian-based systems, try
sudo apt install adb. Windows via WSL2 only: Installing adb is not so straightforward in WSL2, and it won't work straightaway. You have to ensure having the same version of adb both in WSL2 and in normal Windows (with
adb version), then you will need to start the adb process first in Windows, then in WSL2 (with for example
expect. On macOS, run
brew install expect. On Debian-based systems, run
sudo apt install expect.
Linux/WSL2 only: If you are running Linux or WSL2, install patchelf (on Debian-based systems, this can be done like
sudo apt install patchelf) and then run
./scripts/patch_ios_dylibs.sh. You may need to re-run this script if you are collaborating and other ISDi users overwrite the iOS binaries with their own absolute shared object paths. More details here (including for macOS users).
- Fill out https://forms.gle/qzres5fQaRbwsyni7 with
a legitimate request for the blacklist ISDi requires to run. Please note that at this time, we are only considering requests from those working for victim services organizations. Approved requests will receive a follow-up email to the address entered on the form, so be sure to check your inbox.
We will provide
static_data.zip, which should be unzipped and replacing the public facing
static_datadirectory in this repository.
After ISDi is installed, with an Android or iOS device plugged in and unlocked, run the following command in the terminal (in the base directory of this repository)
$ bash run.sh
Then navigate to
http://localhost:5000 in the browser of your choice (or
in test mode). You will see ISDi running as a web app. Click on
"Scan Instructions" and follow
the instructions to prepare your device for the scan.
It should look something like this:
Connect a device and click on the suitable button
iOS. Give it a
nickname and click "Scan now". (Please connect one device at a time.) It
will take a few seconds for the scan to complete. We are working to have all
scan results done at once on Android, but for the time being please leave the
device plugged in when clicking on apps on the scan results table.
After the scan, the UI will look something like this:
Consultation form data
ISDi is intended to be used by advocates for victims of intimate partner violence in
a clinical setting;
you can add detailed notes about a victim's tech abuse situation
"Start Consult Form" on ISDi's homepage. The results
will be saved in
data/fieldstudy.db and can be viewed/edited
by navigating to
Some consult form data may not be relevant for use in
other organizations (e.g., the meeting location being
in a borough of New York City). Please consider adapting the form
for your needs. One can do this by modifying the
Client class in
server.py and use
sa is obtained by wrapping SQLAlchemy over
the Flask app) to obtain the new
schema. Then place the new schema in
schema.sql by updating the
If you encounter errors, please file a GitHub issue with the server error output (or send it as an email to firstname.lastname@example.org). Pull requests are welcome. Inspect apps on the device manually if you cannot resolve a failure.
In the terminal of the computer, run
adb devices to see if
the device is connected properly.
In the terminal of the computer (in the base directory of this repository),
./static_data/libimobiledevice-darwin/idevice_id -l to see if
the device is connected properly (replace
linux if your system is Linux.)
Cast iOS Screens or Mirror Android Screens
It is possible to view your device screen(s) in real time on the macOS computer in a new window. This may be useful to have while you are running the scan (and especially if you use the privacy checkup feature), as it will be easy for you to see the mobile device screen(s) in real time on the Mac side-by-side with the scanner.
How to do it: you can mirror Android device screens in a new window using scrcpy, and cast iOS device screens on macOS with QuickTime 10 (launch it and click File --> New Movie Recording --> (on dropdown by red button) the iPhone/iPad name).
The data downloaded and stored in the study are the
following. 1. A
sqlite database containing the feedback and actions taken by
the user. 2.
phone_dump/ folder will have dump of some services in the
phone. (For Android I have figured out what are these, for iOS I don't know
how to get those information.)
The services that we can dump safely using
dumpsys are the
- Application static details:
packageSensor and configuration info:
usagestatsApp running information:
See details about the services in notes.md
appIds, and their names. Also, I got "permissions" granted
to the application. I don't know how to get install date, resource usage, etc.
(Any help will be greatly welcomed.)
phone_scanner.pyhas all the logic required to communicate with Android and iOS devices.
parse_dump.pyhas all of the logic required to extract dumped info from the devices. After the initial scan, the server will rely on this parser rather than needing an active connection to the device (work in progress). For now, please keep your device plugged in when looking at scan results.
server.pyis the Flask web server.
templates/folder contains the html templates rendering in the UI
webstatic/folder contains the
phone_dumps/folder will contain the data recorded from the phone (as well as in
How to figure out off-store apps in Android and iOS? Check the installer in
3. For iOS, how to find out app installation dates,
resource usage, etc? 4. Explore viability of
adb shell pm packages -i
See notes.md for other developer helps.