Ex-partner invaded phone and email. Now what?
May 19, 2017 5:32 PM   Subscribe

Cell phone, texts, and emails have been breached on my Droid phone. How can I better protect myself?

Long story short, someone I was seeing invaded my privacy, and worked their way into my accounts.

How do I know?

They were not-subtly repeating private information to me back in candid conversation. Not an exaggeration, or imagination.

I've since purchased a new phone, changed my phone number, and changed my email addresses.

It would've seemed this individual had been sifting through my text messages, as well as my emails. It was especially unnerving, because I don't know how this person was reading texts and the info was getting back to me, when I hadn't seen them in weeks. It seemed as though there was some way(a hidden app?) my texts were being read without access to my phone. I do not have an I-phone. I have a Droid. I do recall one night this person had physical access to my phone.

I am now looking at installing Google Voice on my phone, to mask my number, and I have made a few new accounts.

Is there anything I can do to protect myself from this nonsense, that isn't suing the pants off of this creep? I'm also wondering if my phone is being "tracked" or "tapped", and this is a person who works in and with technology and cameras- so I don't feel as though it's farfetched whatsoever. It is, driving me a little crazy.

Please help.
posted by thewolfandewe to Technology (22 answers total) 4 users marked this as a favorite
Change all your passwords on all your accounts to something super random. I'm sorry this is happening. So terrible. I hope others here have more advice than that, but it was the first thing that popped into my head.
posted by Stewriffic at 5:52 PM on May 19, 2017 [5 favorites]

Don't forget to change your password to your old email account.
posted by Team of Scientists at 5:57 PM on May 19, 2017 [5 favorites]

search for anti-spyware software on the play store, and look for something with a good reputation/reviews. Also, guard physical access to your phone.

Technology abilities or no, there are not any easy ways for a civilian to tap a cell phone that I know of without physical access to the phone to install software (and it usually, if not always, involves jail-breaking the phone as well).

If all the leaked information is via texts, and if your texts are tied to a google voice account, don't forget to check for/revoke access to all other devices for that google voice account.
posted by randomkeystrike at 6:00 PM on May 19, 2017

I would also enable two factor authentication from now on for any app that offers it. I use it for Google account stuff currently. This basically will require you to fetch a 4 or 6 digit code from a Google Authenticator app that is on your phone any time you or someone else attempts to log into your google account from a new device.
posted by Team of Scientists at 6:01 PM on May 19, 2017 [11 favorites]

This site offers tutorials for how to enable two factor authentication (2FA) for many big name apps. https://www.turnon2fa.com/

Of utmost importance in these times.

Sorry this happened. What a sleazy thing to have to endure.
posted by Team of Scientists at 6:03 PM on May 19, 2017 [2 favorites]

Response by poster: Thanks so much, guys! This is helpful, please keep responses coming.

I haven't used Google Voice entirely before, but after this, I just want to secure some of my info so much more.
posted by thewolfandewe at 6:05 PM on May 19, 2017

On a desktop (I don't know how to get there from mobile) click on your google account and go to the "my account" page. The first card on that page should be called something like "sign in and security" and under that heading you'll see a link to review your connected apps. Click that.

On that page you can look through all of the apps and websites you've given your google account permissions to. Go through those carefully and remove anything you don't recognize.
posted by phunniemee at 6:20 PM on May 19, 2017 [1 favorite]

not only change your passwords, but change the answers to your verification questions. there's no need to actually list the street you grew up on when they ask for that, or your mom's maiden name, or the name of your first pet. let your answers be passphrases instead with lots of numbers/symbols and a random order.
posted by zdravo at 6:34 PM on May 19, 2017 [15 favorites]

In the vein of the "change your password" suggestions, I would also suggest using a password manager like 1Password to create long, randomly generated and *unique* passwords for every account. The idea is that you don't actually need to know every single password, just a master password (that you, very importantly, use for nothing else) that unlocks the password manager, which then fills in authentication information for you. 2FA, as others have mentioned, is also a good idea.
posted by strangecargo at 7:46 PM on May 19, 2017 [8 favorites]

...and then pray for 1Password to never be hacked the way that... well, everything is eventually hacked.

I prefer strangecargo's approach, but with a paper notebook containing some lies. (Lies so that even if I lose it, none of those are QUITE my password, so good luck, book-finder.)

For now, since Android is so infinitely fiddle-with-able (blessing and a curse), I'd turf the phone by completely erasing/resetting it to factory, and then set it up again.

While you're running around thinking about hacks and spyware, keep in mind that it could also be something as simple as "he turned text forwarding on".
posted by rokusan at 8:46 PM on May 19, 2017

>How do I know? They were not-subtly repeating private information to me back in candid conversation. Not an exaggeration, or imagination.

> I've since purchased a new phone, changed my phone number, and changed my email addresses. I am now looking at installing Google Voice on my phone, to mask my number, and I have made a few new accounts.

This strikes me as a little paranoid and excessive. If this did happen, I don't think you need to buy a new phone, change your phone number and change your email address. Do you use Gmail? You can review logins and see if someone from a device other than your usual ones gained access. You can also see if any filters were set up to make your emails forward or if any apps were connected to your account. You can look here: https://myaccount.google.com/security

I'll take your word for it that they did hack into all your devices. I would review login activity and end any sessions that aren't yours. I'd checked filters/forwarding rules to make sure emails weren't being forwarded. I'd change my password. And I would absolutely, 100% set up two-step verification. I use my phone for it but there are other options for two-step verification if you don't want it to go through your phone, like using a physical security dongle. As for anti-virus software, I recommend Avast -- it's free.

I'm honestly not sure what you mean when you say they hacked into your phone. Strikes me as pretty unlikely.
posted by AppleTurnover at 10:18 PM on May 19, 2017 [2 favorites]

Best answer: The OP says "I do recall one night this person had physical access to my phone."

With physical access to an unlocked Android phone, at least ones similar to my devices, you could very quickly turn on developer mode and allow non-Google-Play installs, install one of the apps that automatically roots the phone, and then install any .apk that has root access, which would be able to record anything on the screen, heard by the microphone, or seen by the camera(s) and upload the recordings anywhere.

A malicious person wouldn't even need to be very technical to do that; they'd just need to know the address of some hacker web site that offers the apps that do what they want. If you're screwing up someone else's phone you don't care if you're installing shitty apps shot through with malware that some other asshole somewhere wrote.

The OP was totally right to get a new phone—better safe than sorry. (But also should follow all the other excellent suggestions people are giving.)
posted by XMLicious at 11:20 PM on May 19, 2017 [10 favorites]

The OP could have done a factory reset and installed/flashed a new OS on the phone, but the easiest method would be to get a new phone. Regardless, look in your apps in the play store to see if there is any app you do not recognize. For example, PushBullet, while a great app that allows you to see messages/texts on your PC from your phone, can also be used for evil. Install your apps on your new phone, one by one. Only install ones you use regularly. Install a Root Checker app and make sure your phone is not rooted. I would install it on the old phone to check too.

Look in the settings at each app's permissions. Limit them to ones they need to do the job of the app.

As noted above, change passwords, use two-step authentication and put a long password (not a pattern or short four digit unlock code. I use an 11 character password. Also, consider if you want to trade off the convenience of a finger print unlock with the inherent insecurity of that method as well as voice and face recognition.

Encrypt your new phone.

I would also turn off location history in my google account.

On your old phone, log out of any account on it in every app. Then do a factory reset. Then drain the battery and leave it turned off. (I am paranoid enough to put in in my freezer too for a long while so that it cannot be tracked or found. A simple faraday cage the freezer is.

I would also get my new Google Voice number with an area code that is different from my current one so that this person either thinks you moved or simply cannot guess your location via your phone number.
posted by AugustWest at 11:55 PM on May 19, 2017

Safety Net is a good resource. So sorry this happened.
posted by anya32 at 2:40 AM on May 20, 2017

Given the mention of a lawsuit—if it's still possible, before disposing of the old phone or erasing anything from it the OP would want to get copies of any evidence which might be important in the future, like text messages from the ex-partner that show them being threatening or creepy. Or the entire phone could be saved intact for forensic purposes.

If we're at the level of talking about keeping phones in your freezer, we should also note that a factory reset and flashing the OS won't necessarily get rid of all malware. My point is to reiterate that the OP doesn't need to second-guess themselves about having already gotten a new phone; doing so provided an additional measure of security.
posted by XMLicious at 2:56 AM on May 20, 2017 [3 favorites]

I don't know anything about the phones and email, but this situation sounds like it could be dangerous. This person has gone to great lengths to digitally stalk you. Please be careful. If you have the person blocked from phone and email the person may escalate and stalk you in person.
posted by mareli at 5:28 AM on May 20, 2017

This is probably a violation of the law. You might want to make a police report to start a paper trail.

Also please be careful with your computer - there might be a key logger on it.
posted by bq at 7:49 AM on May 20, 2017

I think you've gotten some good advice about the technical aspects of this issue.

I think it might be a good idea to talk to the police. If this person installed spyware on your phone, that's probably a crime. It may also be useful to have a police report if this behavior continues or escalates.

It might be also be a good idea to talk to a counselor therapist to help deal with this in a healthy way.

I'm sorry to hear this happened. Good luck.
posted by Cranialtorque at 12:13 PM on May 22, 2017 [1 favorite]

Response by poster: Hi, folks. I really, really(!) appreciate some of the information given here.

Obviously I know concretely what's happened within my direct attention- but having confirmation of potential methods for invasion has offered some very welcome resolve.

Say I did wish to take this to the next level-

Does anyone happen to have any advice on legal pursuit.. ? Should I make a new post?

I'm fairly low income, but it may at the very least, be enough to make a report.. but I may have enough resources to actively pursue a case.

More advice? New thread?
posted by thewolfandewe at 4:03 PM on May 22, 2017 [2 favorites]

Call. The. Police.
posted by bq at 7:51 PM on May 22, 2017 [2 favorites]

Response by poster: Cool. Expand?
posted by thewolfandewe at 1:05 AM on May 24, 2017

Please consider contacting the Stalking Resource Center for appropriate referrals and support.
posted by anya32 at 12:16 PM on May 25, 2017 [1 favorite]

« Older Don't wrap it up.   |   Could you identify this borage-like flower? Newer »
This thread is closed to new comments.