Is your smartphone spying on you?

In recent years, an increasing number of smartphone spyware apps have been developed. Between September 2020 and May 2021, the use of such apps increased by 63 percent in the U.S. and 93 percent in the UK, posing significant privacy risks. 

While publicly marketed as tools for monitoring underage children or employees, these apps – which are hard to notice or detect and will easily leak the sensitive personal information they collect – are also frequently used by people to covertly spy on a spouse, partner, or other individuals. 

Spyware apps are rather cheap (with a monthly fee ranging between $30 and $100), require little to no technical expertise to install and use, only need temporary access to their victims’ devices, and can easily record these devices’ activities – such as text messages, emails, photos, or voice calls – and allow abusers to remotely review this information through a web portal.

Now, a team of scientists from the University of California, San Diego and New York University (NYU) has performed an in-depth technical analysis of 14 leading spyware apps for Android phones, which – by contrast to iPhones – commonly allow such invasive apps to be downloaded from the internet. 

The analysis revealed that these apps use a wide range of techniques to surreptitiously gather data (such as invisible browsers), can record phone calls via the device’s microphone, can exploit accessibility features on smartphones allowing them to record keystrokes, and can masquerade as “Wi-Fi” or “Internet Service.”

Moreover, since spyware apps often use unencrypted communication channels to transmit the data they collect and store it in public URLs accessible to anyone with a link, their protection of sensitive user data is minimal.

According to the researchers, in order to counter spyware, a more creative, diverse, and comprehensive set of interventions from the industry, government, and the scientific community is urgently needed. 

“Our recommendation is that Android should enforce stricter requirements on what apps can hide icons. Most apps that run on Android phones should be required to have an icon that would appear in the launch bar. We recommend that all actions to access sensitive data be added to the privacy dashboard and that users should be periodically notified of the existence of apps with an excessive number of permissions,” the authors wrote.

“While technical defenses can be part of the solution, the problem scope is much bigger. A broader range of measures should be considered, including payment interventions from companies such as Visa and Paypal, regular crackdowns from the government, and further law enforcement action may also be necessary to prevent surveillance from becoming a consumer commodity,” they concluded.

The study – which will be presented this summer at the Privacy Enhancing Technologies Symposium in Zurich, Switzerland – can be found here.

—

By Andrei Ionescu, Earth.com Staff Writer

Check us out on EarthSnap, a free app brought to you by Eric Ralls and Earth.com.