Commercial spying apps for Android devices are available with a simple Google search. While these apps have been designed for parental control or businesses tracking their employees, security researchers warn the potential misuse of these apps is on the rise.
A security researcher at Kaspersky Lab has discovered that these spying apps, which allows one to snoop on text messages, calls, and Facebook conversations, are being openly advertised on Google and their popularity has grown dramatically over the year.
“Installing such apps, even on your child’s device, is a risky step that could lead to malware infection, data leaks or other unpleasant consequences,” Kaspersky Lab researcher Alexey Firsh is quoted as saying in an IBT report.
According to the security experts, these commercially available apps differ slightly from spyware which is used by hackers or cybercriminals. One of the exceptions when it comes to features is the installation method. Commercial spyware is installed manually on the target’s phone, by first downloading the app, entering credentials and later making the app hidden on the target’s device. Hacking tools, on the other hand, can be installed remotely.
The researcher notes in his blog that commercial spying apps are a growing threat because commercial spyware is distributed from its own site which results in vendors prompting users to enable ‘Allow install of non-market applications’ setting. Now, this makes the device open to malware installation. This method of distribution is also contrary to Google’s policy.
Additionally, as some commercial spyware works on a rooted device, the vendor could also recommend the user to root the target device for the features to work. This again leaves the backdoor open for potential malware infection.
Despite being positioned in the market as parental control spying apps, one of such apps called FlexiSpy used catch phrases such as “How to catch a cheating spouse” for advertisement. What makes the commercial spyware even more dangerous that it is discoverable easily right from the Google search engine and can be purchased for under £100 (Rs 8,000 approximately).
In the blog, Firsh suggests that users could protect their phones by ensuring they use a password, PIN, or fingerprint so that the device is not easily accessible by a person with bad intentions. Given the complex nature of such apps, the laws in cases of conflict are yet to be concrete. Meanwhile, Google is reportedly taking action against such apps which have been used for illegal use of hacking or cyber stalking.