How to Tell if Your Cellphone Has Spyware

Smartphone Spyware is Hard to Detect and Can Leak Personal Information

Author: University of California - San Diego
Published: 2023/03/15 - Updated: 2024/01/09
Publication Type: Instructive / Helpful - Peer-Reviewed: Yes
Contents: Summary - Main - Related Publications

Synopsis: Smartphone spyware apps that allow people to spy on each other are hard to notice and detect, and they easily leak sensitive personal information. These apps require little to no technical expertise from the abusers, offer detailed installation instructions, and only need temporary access to a victim's device. After installation, spyware apps covertly record the victim's device activities, including text messages, emails, photos, or voice calls, and allow abusers to review this information through a web portal remotely.

Spyware

Spyware (spying software) is any software that installs itself on your computer and covertly monitors your online behavior without your knowledge or permission. Spyware is malware that secretly gathers information about a person or organization and relays this data to other parties. It is installed without user consent by methods such as a drive-by download, a trojan included with a legitimate program, or a deceptive pop-up window.

Main Digest

Smartphone spyware apps that allow people to spy on each other are not only hard to notice and detect, but they also will easily leak the sensitive personal information they collect, says a team of computer scientists from New York and San Diego.

While publicly marketed as tools to monitor underage children and employees using their employer's equipment, spyware apps are also frequently used by abusers to covertly spy on a spouse or a partner. These apps require little to no technical expertise from the abusers, offer detailed installation instructions, and only need temporary access to a victim's device. After installation, they covertly record the victim's device activities - including text messages, emails, photos, or voice calls - and allow abusers to review this information through a web portal remotely.

Spyware has become an increasingly serious problem.

In one recent study from Norton Labs, the number of devices with spyware apps in the United States increased by 63% between September 2020 and May 2021. A similar report from Avast in the United Kingdom recorded a stunning 93% increase in the use of spyware apps over a similar period.

If you want to know if your device has been infected by one of these apps, you should check your privacy dashboard and the listing of all apps in settings, the research team says.

"This is a real-life problem, and we want to raise awareness for everyone, from victims to the research community," said Enze Alex Liu, the first author of the paper No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps and a computer science Ph.D. student at the University of California San Diego.

Liu and the research team will present their work at the Privacy Enhancing Technologies Symposium in the summer of 2023 in Zurich, Switzerland.

Researchers performed an in-depth technical analysis of 14 leading spyware apps for Android phones. While Google does not permit the sale of such apps on its Google Play app store, Android phones commonly allow such invasive apps to be downloaded separately via the Web. The iPhone, in comparison, does not allow such "side loading," Thus, consumer spyware apps on this platform tend to be far more limited and less invasive in capabilities.

What are Spyware Apps?

Spyware apps surreptitiously run on a device without the device owner's awareness. They collect sensitive information such as location, texts, calls, audio, and video. Some apps can even stream live audio and video. All this information is delivered to an abuser via an online spyware portal.

Spyware apps are marketed directly to the general public and are cheap-typically between $30 and $100 per month. They are easy to install on a smartphone and require no specialized knowledge to deploy or operate. But users need temporary physical access to their target's device and the ability to install apps, not in the pre-approved app stores.

How Do Spyware Apps Gather Data?

Researchers found that spyware apps use various techniques to record data surreptitiously. For example, one app uses an invisible browser that can stream live video from the device's camera to a spyware server. Apps also can record phone calls via the device's microphone, sometimes activating the speaker function in hopes of capturing what interlocutors are saying as well.

Several apps also exploit accessibility features on smartphones, designed to read what appears on the screen for vision-impaired users. On Android, these features effectively allow spyware to record keystrokes, for example.

Researchers also found several methods the apps use to hide on the target's device. For example, apps can specify that they do not appear in the launch bar when they initially open. App icons also masquerade as "Wi-Fi" or "Internet Service."

Four of the spyware apps accept commands via SMS messages. Two apps the researchers analyzed didn't check whether the text message came from their client and executed the commands anyway. One app could even execute a command remotely, wiping the victim's phone.

Continued below image.
This app launcher on an Android phone displays app icons: the Spyhuman app installed itself as the innocuous-seeming WiFi icon. What are spyware apps? Spyware apps surreptitiously run on a device, most often without the device owner's awareness. They collect sensitive information such as location, texts, calls, audio, and video. Some apps can even stream live audio and video. All this information is delivered to an abuser via an online spyware portal - Image Credit: Jacobs School of the Engineering/University of California San Diego.
This app launcher on an Android phone displays app icons: the Spyhuman app installed itself as the innocuous-seeming WiFi icon. What are spyware apps? Spyware apps surreptitiously run on a device, most often without the device owner's awareness. They collect sensitive information such as location, texts, calls, audio, and video. Some apps can even stream live audio and video. All this information is delivered to an abuser via an online spyware portal - Image Credit: Jacobs School of the Engineering/University of California San Diego.
Continued...

Gaps in Data Security

Researchers also investigated how seriously spyware apps protected the sensitive user data they collected. The short answer is: not very seriously. Several spyware apps use unencrypted communication channels to transmit the data they collect, such as photos, texts, and location. Only four out of the 14 the researchers studied did this. That data also includes the login credentials of the person who bought the app. All this information could be easily harvested by someone else over WiFi.

In most applications the researchers analyzed, the same data is stored in public URLs accessible to anyone with the link. In addition, in some cases, user data is stored in predictable URLs that make it possible to access data across several accounts by simply switching out a few characters in the URLs. In one instance, the researchers identified an authentication weakness in one leading spyware service that would allow all the data for every account to be accessed by any party.

Many apps retain sensitive data without a customer contract or after a customer has stopped using them. Four of the 14 apps studied don't delete data from the spyware servers even if the user deleted their account or the app's license expired. One app captures data from the victim during a free trial period but only makes it available to the abuser after they have paid for a subscription. And if the abuser doesn't get a subscription, the app keeps the data anyway.

How to Counter Spyware

"Our recommendation is that Android should enforce stricter requirements on what apps can hide icons," researchers write. "Most apps that run on Android phones should be required to have an icon that would appear in the launch bar."

Researchers also found that many spyware apps resisted attempts to uninstall them. Some also automatically restarted themselves after being stopped by the Android system or after the device reboots.

"We recommend adding a dashboard for monitoring apps that will automatically start themselves," the researchers write.

To counter spyware, Android devices use various methods, including a visible indicator to the user that can't be dismissed while an app is using the microphone or camera. But these methods can fail for various reasons. For example, legitimate uses of the device can also trigger the indicator for the microphone or camera.

"Instead, we recommend that all actions to access sensitive data be added to the privacy dashboard and that users should be periodically notified of the existence of apps with an excessive number of permissions," the researchers write.

Disclosures, Safeguards and Next Steps

Researchers disclosed all their findings to all the affected app vendors. No one replied to the disclosures by the paper's publication date.

To avoid abuse of the code they developed, the researchers will only make their work available upon request to users who can demonstrate their legitimate use of it.

Future work will continue at New York University in the group of associate professor Damon McCoy, a UC San Diego Ph.D. alumnus. Many spyware apps seem to be developed in China and Brazil, so further study of the supply chain that allows them to be installed outside these countries is needed.

"All of these challenges highlight the need for a more creative, diverse, and comprehensive set of interventions from industry, government, and the research community," the researchers write. "While technical defenses can be part of the solution, the problem scope is much bigger. A broader range of measures should be considered, including payment interventions from companies such as Visa and Paypal, regular crackdowns from the government, and further law enforcement action may also be necessary to prevent surveillance from becoming a consumer commodity."

About the Study

The work was funded in part by the National Science Foundation and had operational support from the UC San Diego Center for Networked Systems.

No Privacy Among Spies: Assessing the Functionality and INsecurity of Consumer Android Spyware Apps

Cornell Tech: Sam Havron

New York University: Damon McCoy

UC San Diego: Enze Liu, Sumath Rao, Grant Ho, Stefan Savage and Geoffrey M. Voelker

Attribution/Source(s):

This peer reviewed publication pertaining to our Disability Apps section was selected for circulation by the editors of Disabled World due to its likely interest to our disability community readers. Though the content may have been edited for style, clarity, or length, the article "How to Tell if Your Cellphone Has Spyware" was originally written by University of California - San Diego, and submitted for publishing on 2023/03/15 (Edit Update: 2024/01/09). Should you require further information or clarification, University of California - San Diego can be contacted at the ucsd.edu website. Disabled World makes no warranties or representations in connection therewith.

📢 Discover Related Topics


👍 Share This Information To:
𝕏.com Facebook Reddit

Page Information, Citing and Disclaimer

Disabled World is an independent disability community founded in 2004 to provide disability news and information to people with disabilities, seniors, their family and/or carers. See our homepage for informative reviews, exclusive stories and how-tos. You can connect with us on social media such as X.com and our Facebook page.

Permalink: <a href="https://www.disabled-world.com/assistivedevices/apps/phone-spyware.php">How to Tell if Your Cellphone Has Spyware</a>

Cite This Page (APA): University of California - San Diego. (2023, March 15). How to Tell if Your Cellphone Has Spyware. Disabled World. Retrieved March 2, 2024 from www.disabled-world.com/assistivedevices/apps/phone-spyware.php

Disabled World provides general information only. Materials presented are never meant to substitute for qualified professional medical care. Any 3rd party offering or advertising does not constitute an endorsement.