Stalking via mobile phone has become a favorite activity of the mentally unhinged everywhere—jilted wives, jealous boyfriends, or any one person who cannot stop obsessing over another. Most smartphones today contain everything a stalker needs to keep solid tabs on their mark, and, in contrast to iPhones and iOS, the Android platform is much more open.

Android users can easily root their phones, sideload apps, and use all of Google's services to communicate reams of information. This flexibility is great when used for good, creative purposes. But it's also very easy to turn them around and use them against someone. A stalker can place an Android phone user in a compromised position simply by getting their Google account password or getting access to the phone itself, even for only a minute or two.

What follows is a guide to taking ownership of your Android phone aimed mostly at less savvy users, especially those who many have had their phone set up for them by someone else. Of course, it's a bad idea to let something as sensitive as a smartphone leave your sight for even a minute, as physical access gives malefactors a lot of leeway. Someone who is your friend now might not be your friend forever—according to a 2009 report from the Bureau of Justice Statistics, nearly 75 percent of stalking victims know their stalker in some capacity. Most people with smartphones rarely give what the phone is doing or information that it is communicating a second thought beyond e-mails and texts, playing a game or two, and making phone calls. But given how powerful smartphones are, it's important for every user to take ownership of their device and monitor it carefully—stalking doesn't always mean direct harassment.

For some of the tactics we describe here to work, a healthy level of obliviousness would be required on the part of the victim. Counteracting them may involve little more than paying attention to a phone's alerts rather than immediately dismissing them, keeping track of the icons in the menu bar, and so on. Really, this is the level of awareness that everyone should probably have by default, but we become blasé about it after the thousandth popup telling us an app has finished downloading an update.

Other tactics would be more difficult to implement on the part of the stalker, but they're not impossible, and they can leave little obvious trace. As the National Center for Victims of Crime put it during 2011 Senate hearing on mobile privacy:

Given the insidious nature of electronic monitoring, not all victims realize that they are being tracked and stalked, making it impossible to determine just how many cases involve covert digital monitoring through mobile devices. Nevertheless, it is reasonable to assume that the actual number of cases is much higher than the incidents reported by victims.

Only a couple of the tactics described here require any kind of high-level knowledge. Much can be accomplished by a stalker with little more than access to a one-click rooting tool, the Google Play store, and a Web browser.

Before we begin, we'll go over some things this guide is not. It is not meant to shame anyone for their lack of technical knowledge or place blame on the victim for compromised hardware or software; nor is it an indictment of Android as an operating system that is too vulnerable for the less technically inclined. It's also not an indictment of Google, not any more so than any similar set of services. Google, as a provider of services, must strike a security balance between "any yokel can get your password" and "a Google account, once lost, is lost forever." It's only partially an indictment of applications developed to give broad access to a phone's information, as many of them are developed in good faith. Unfortunately, some aren't and many naively lack good security controls. This guide is also not meant to whip anyone into a panicked distrust of their smartphone—we will teach you how to bring it under your control. Lastly, we don't intend to provide advice on how to stalk someone. Stalking is a scumbag move, always. Don't do it.

Take ownership of your Google account

I wish this were as simple as changing your Google account password, but there are a couple of different levels of security you need to traverse to make sure no one else has control of your Google account. Aside from having access to your Gmail, Docs, calendar, and other sensitive information, someone with control of your Google account can also send apps to download on your phone via Google Play's Web interface. And if someone has set up your account correctly, they don't even need your password to do it.

To make sure you're the only one controlling your Google account, go to your Google account, hit the link to Products, and then the button on the left that reads "Sign into Dashboard." Click "manage account," and then "change recovery options."

Google offers a number of ways to get your password if you've forgotten it, including alternate e-mail addresses, text messages or calls to a phone number, and security questions. If someone has added one of their own phone numbers or e-mails to the recovery options, a password change would be meaningless—they could just hit "I can't access my account" and set a new password (Google won't give the old password to them).

How quickly you notice your password no longer works will depend on how often you use your Google account. But it's not impossible you'll assume you've forgotten the right password (it's been so long since you had to log in! Why do you have to suddenly log in? Who knows!), reset it without noticing the extra nefarious recovery option, and continue about your business. Google will send an e-mail notifying you that your password was changed, but a good stalker isn't going to let that just sit in your inbox. When you try to log in but can't because the password has been changed, Google will also pop an alert that your password was changed "[x] days ago." That's another clue, though not a very in-your-face one. Likewise, your phone will let you know that your credentials are no longer working and will stop pushing the relevant data to your phone, even if it won't tell you why.

Hence, give the page of recovery options a good long look. Remove any that look suspicious or others may have access to (shared e-mail addresses, for instance). Google doesn't offer the ability to remove security questions as a recovery option, which is a shame, as they can be too easy to guess (particularly for someone who knows or has been watching you). But Google does let you write your own question, so you should change it to something completely nonsensical. How many siblings do you have? Purple, that's how many.

Once those are taken care of and you aren't leaving yourself in a position that will let someone undermine your password changes... change your password. We repeat everyone's advice that it should be lengthy and complex. In fact, a password should be like a good movie: just long enough that you aren't bored by the end, but complicated enough that you don't get it the first time.

For extra security, Google also offers two-step verification, which requires you to enter both your password and a code sent to your phone to log into your account. Someone may still have access to your phone at this stage, so we wouldn't turn it on yet. Once your phone is locked down this is a pretty convenient security option, however.