There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method.
There’s no need to even resort to Tor Browser or other darknet activity either – all you need to do is type something like “android spy app” into Google. They are called ‘commercial’ because anyone can buy an app like this for just a few dollars.
Kaspersky Labs’ Observation
According to Kaspersky Lab‘s telemetry, the popularity of these apps has been growing in recent years. Almost all commercial spyware apps are installed by manually accessing the target’s phone, and this is the only big difference between these apps and classic malicious spyware like DroidJack or Adwind. Customers have to download the app, install it and enter credentials that are received after purchasing. After that, the spying app becomes invisible on the phone. Installation usually only takes a couple of minutes.
Some of these tools use device admin features to gain persistence and self-protection on the target’s phone. Features may vary, but some of them are present in almost all these kinds of apps:
- Stealing SMSs
- Stealing calls (logs/recordings)
- GPS tracking
- Stealing browser data (history/bookmarks)
- Stealing stored photos/videos
- Stealing address books (with emails and even photos sometimes)
The ‘Stealing social media/IM data’ feature is particularly important. It means that the spyware is able to attack other social media or messenger apps (depending on the specific product), for example, Facebook, Viber, Skype, WhatsApp, etc. As a result, an attacker can observe messenger conversations, feeds and other personal data from the victim’s social media profile. These products use the same techniques as standard malicious spyware to steal data, and sometimes on a bigger scale.