{"id":26292,"date":"2019-04-03T10:42:06","date_gmt":"2019-04-03T14:42:06","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=26292"},"modified":"2022-10-18T08:04:27","modified_gmt":"2022-10-18T12:04:27","slug":"stalkerware-spouseware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/stalkerware-spouseware\/26292\/","title":{"rendered":"What’s wrong with “legal” commercial spyware"},"content":{"rendered":"

It\u2019s safe to say that almost everyone has wanted to spy on someone at least once in their life, whether to make sure your partner is faithful, your kid has not fallen in with the wrong crowd, or your employee is not being courted by competition. The technologies for spying on colleagues and families are in great demand, which is universally known to breed supply.<\/p>\n

The supply is represented by quite an impressive range of so-called legal spyware apps (aka stalkerware or spouseware), which can be installed on your employee\u2019s or family member\u2019s device for a relatively modest fee. These apps stay hidden and keep their users informed about device location, browser history, SMS messages, social media chats, and more. Some of them can even make video and voice recordings.<\/p>\n

Stalkerware\u00a0\u2014 unethical but legal (almost)<\/h2>\n

From a moral standpoint, it is not good to use stalkerware: Installed without the owner\u2019s knowledge or consent, it operates in the background and has access to very personal information. Yet such applications are not illegal in many countries, even though spying on family members is legally prosecutable. Developers try to squeeze through legal loopholes, for example, by referring to their products as parental control solutions.<\/p>\n

It\u2019s no wonder people continue to buy these technically legal apps, unethical though they may be. Over the past year, more than 58,000 users have detected stalkerware on their phones or tablets with the help of our products alone. Of those, 35,000 had no idea about the stalkerware installed on their devices until our protection solution completed its first scan.<\/p>\n

Stalkerware can leak your data<\/h3>\n

Despite its legal status, stalkerware is dangerous indeed. These apps put at risk both the subject and the object of spying. How do such apps pass the collected data to the person who installed them? By uploading it to a server where the user can access it and sift through the catch. So if you decide to spy on an employee suspected of dirty play, all of their incoming and outgoing letters with every confidential document and project detail will end up on that server, including the ones written by you. If you\u2019re keen to learn the secrets of your love interest, your wooing messages, too, will be on the record.<\/p>\n

But what\u2019s wrong with that, you being the only person who can view this data? The problem is, you are probably not the only one. The app developer is almost certain to have access to it, too.\u00a0That\u2019s for starters. Worse, this sensitive data may end up in the hands of malefactors or even become publicly available.<\/p>\n

In August 2018, a researcher known as L.\u00a0M. discovered a vulnerability<\/a> in the Android app TheTruthSpy, which was sending login and password data without encryption. The hacker took advantage of it to get hold of photos, voice recordings, messages, and location data from 10,000 devices controlled using the spyware.<\/p>\n

In March 2019, another researcher, Cian Heasley, discovered a whole MobiiSpy server was publicly available<\/a>. It held more than 95,000 photos, including intimate ones, and more than 25,000 voice recordings. MobiiSpy\u2019s hosting provider, Codero, responded to the incident by blocking the resource<\/a>.<\/p>\n

According to Motherboard, a total of 12\u00a0stalkerware developers have leaked data<\/a> over the past two years. That means by installing such an app on someone\u2019s device, you are almost certain to compromise both them and yourself.<\/p>\n

Stalkerware\u00a0breaches device protection<\/h3>\n

Even the stalkerware installation process is not safe. First, most of these apps fail to comply with the policies of official stores such as Google Play, so you will not find them featured. That means, in the case of an Android device, you have to consent to installing third-party apps \u2014which, in turn, opens the door to hosts of malware.<\/p>\n

Second, stalkerware often claims lots of system rights, even down to root access<\/a>, which puts the app in full control of the gadget\u00a0\u2014 in particular, giving it the right to install other apps.<\/p>\n

Moreover, some spying apps insist that protection solutions be deactivated \u2014 or they simply get rid of them, if authorized to do so.<\/p>\n

That is where stalkerware is different from legal parental control apps, which do not try to hide themselves on the device, or deactivate the antivirus, and they can be found in official marketplaces. That\u2019s why parental control apps, unlike stalkerware, do not pose a threat to their users.<\/p>\n\n

Protecting yourself from legal stalkerware<\/h3>\n

As you can see, it\u2019s best to think twice before installing stalkerware on someone else\u2019s gadgets. We also advise following these tips to make certain that nobody can plant a \u201cgift\u201d like that on your own device:<\/p>\n