{"id":31894,"date":"2019-12-19T09:07:45","date_gmt":"2019-12-19T14:07:45","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=31894"},"modified":"2020-05-18T07:40:31","modified_gmt":"2020-05-18T11:40:31","slug":"smartphone-spying-protection","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/smartphone-spying-protection\/31894\/","title":{"rendered":"How to keep spies off your phone \u2014 in real life, not the movies"},"content":{"rendered":"<p>In the new <em>Terminator<\/em> movie, Sarah Connor puts her phone inside an empty bag of chips to hide her movements from the bad guys. Our <a href=\"https:\/\/www.kaspersky.com\/blog\/terminator-dark-fate-chips\/29156\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">recent experiment<\/a> showed that this method is actually workable (with some provisos): A couple of foil bags do indeed jam radio signals from cell towers, satellites (such as GPS), and wireless networks (such as Wi-Fi or Bluetooth). But do people actually spy on other people through these networks? Let\u2019s investigate.<\/p>\n<h2>Spying over radio: GPS, cellular, and Wi-Fi<\/h2>\n<p>Sarah Connor was concerned primarily about GPS signals. At first glance, that\u2019s logical; we use satellites to determine the exact location of a device. In reality, however, things aren\u2019t that straightforward.<\/p>\n<h3>Can you be tracked by GPS?<\/h3>\n<p>Phones do not transmit any information to satellites. The system is entirely unidirectional: The phone doesn\u2019t transmit anything through GPS, but rather <em>picks up<\/em> a signal from several satellites, analyzes how much time the signal took to arrive, and calculates its coordinates.<\/p>\n<p>So, tracking someone using only GPS is simply not possible. One would need to send those coordinates out from the phone, and the GPS standard does not provide for that.<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"rrurEO434m\"><p><a href=\"https:\/\/www.kaspersky.com\/blog\/terminator-dark-fate-chips\/29156\/\" target=\"_blank\" rel=\"noopener nofollow\">Terminator 6\/3: Sarah Connor and a bag of chips<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201cTerminator 6\/3: Sarah Connor and a bag of chips\u201d \u2014 Daily - English - Global - blog.kaspersky.com\" src=\"https:\/\/www.kaspersky.com\/blog\/terminator-dark-fate-chips\/29156\/embed\/#?secret=z4buhqRksv#?secret=rrurEO434m\" data-secret=\"rrurEO434m\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<h3>Tracking through cellular networks<\/h3>\n<p>With cell towers, unlike GPS satellites, communication is bidirectional. And although determining your location is not the main task of a cellular network, it can lend a hand. Broadly speaking, someone who knows which tower is currently serving the phone <a href=\"https:\/\/www.kaspersky.com\/blog\/hacking-cellular-networks\/10633\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">can determine its location<\/a>. However, accessing that data is extremely difficult.<\/p>\n<p>Recently, researchers found a rather interesting way of discovering information about this nearest tower \u2014 through an intricate <a href=\"https:\/\/www.kaspersky.com\/blog\/simjacker-sim-espionage\/28832\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">SIM card vulnerability<\/a> that can be exploited using an ordinary computer and USB modem. However, this method requires specialized technical know-how, and so it is deployed only in high-cost, targeted attacks.<\/p>\n<p>Another consideration is that cell-tower-based geolocation is not all that accurate; it yields the general area, not exact coordinates. And whereas in a city that general area might be relatively small (your location can be found to an accuracy of several hundred yards), in rural areas, where the distance between cell towers is measured in miles, the margin of error can be enormous.<\/p>\n<h3>Tracking with Wi-Fi<\/h3>\n<p>In theory, your movements can also be <a href=\"https:\/\/www.kaspersky.com\/blog\/offline-tracking-ads\/16510\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">tracked using Wi-Fi<\/a> \u2014 when you log in to a public network, it receives certain information about you and the device you\u2019re using. Moreover, smartphones broadcast information about themselves to find available networks, and they can be tracked even if you are not connected to anything.<\/p>\n<p>The sole inconvenience is that Wi-Fi tracking is possible only when you are in the vicinity of an access point. So, although this method is practiced, it is not used for tracking specific people, rather for general monitoring of people\u2019s behavior in a certain area. For example, some shopping malls use this kind of tracking to create individual ads based on data about visits to particular stores.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kisa-generic\">\n<h2>How people are tracked in reality: Operating systems and apps<\/h2>\n<p>Spying is outright impossible by GPS, too inconvenient using Wi-Fi, and expensive and difficult through cellular networks. However, even if you are not an investigative journalist or the head of an international corporation, that doesn\u2019t mean no one but nosy advertisers is snooping on you or harvesting your data. Your GPS coordinates, personal messages, and other data might well be of interest to a mistrustful boss or jealous partner. Here\u2019s how such individuals can <em>actually<\/em> track you.<\/p>\n<h3>They can hack into your Apple or Google account<\/h3>\n<p>By default, iOS and Android collect your data. They store it in, among other places, your Apple or Google account \u2014 in the clouds. If your iCloud or Google Account gets hacked, everything that system meticulously harvested will fall into the hands of the attacker. Therefore, we recommend making sure your accounts are properly protected. At the very least, use a <a href=\"https:\/\/www.kaspersky.com\/blog\/strong-password-day\/25519\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">strong, unique password<\/a> and enable <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/5036\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">two-factor authentication<\/a>. At the same time, you can configure what information about you is stored in these accounts \u2014 for example, consider turning off location history.<\/p>\n<h3>They can view metadata, geotags, and check-ins<\/h3>\n<p>Unfortunately, sometimes users themselves make it easier to track them, for example, by posting <a href=\"https:\/\/www.kaspersky.com\/blog\/exif-privacy\/13356\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">photos with metadata<\/a> \u2014 information about where and when the image was taken, on which camera, etc. \u2014 on social networks. Some sites delete this information when photos are uploaded, but not all. If not, anyone will be able to see the history of the picture.<\/p>\n<p>Your check-ins and geotags also play into the hands of cybercriminals. Don\u2019t use them if you want to prevent others from tracking your movements.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kisa-generic-2\">\n<h3>They can install spyware on your smartphone<\/h3>\n<p>Many malicious apps exist to collect and <a href=\"https:\/\/www.kaspersky.com\/blog\/mobile-malware-part-3\/23971\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">transmit information from your device<\/a> to their controllers. They can track not only your movements, but also your messages, calls, and much more as well.<\/p>\n<p>Such malware usually penetrates the smartphone in the guise of a harmless app or by exploiting system <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/vulnerability\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">vulnerabilities<\/a>. It operates in the background and works hard to evade detection, so in most cases, the victim is not even aware that something is wrong with their mobile phone.<\/p>\n<h3>They can use spying apps \u2014 legally!<\/h3>\n<p>Alas, not all spying apps are considered malware. The category of legal spyware known as <a href=\"https:\/\/www.kaspersky.com\/blog\/stalkerware-spouseware\/26292\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">stalkerware, or spouseware<\/a>, is often positioned as a parental control tool. In some countries, the use of such spying apps is lawful, and in others their legal status is undefined. In any case, these apps are freely sold on the Internet and tend to be relatively inexpensive \u2014 in other words, it\u2019s accessible to everyone from watchful employers to jealous partners.<\/p>\n<p>True, stalkerware needs to be installed manually on a victim\u2019s device, but that\u2019s no impediment if your gadget is easy to unlock. In addition, some vendors sell smartphones with spying apps already installed. They can be given as a present or a company device.<\/p>\n<p>In terms of general functionality, legal spying apps differ little from malicious spyware. Both operate surreptitiously and leak all kinds of data, such as geolocation, messages, photos, and much more.<\/p>\n<p>Worse, they often do so without any concern for security, so it\u2019s not only the person who installed the stalkerware on your smartphone who can read your WhatsApp messages or track your movements \u2014 hackers can intercept the data as well.<\/p>\n<h2>How to guard against mobile tracking<\/h2>\n<p>The real danger of mobile tracking comes not from cellular networks and certainly not from GPS. It is far simpler and more effective to spy on a person through an app installed on their smartphone. So, instead of putting your phone inside two empty chip bags, simply protect your devices and accounts properly:<\/p>\n<ul>\n<li>Use strong passwords and two-factor authentication for all accounts, especially important ones like your Apple ID or Google account.<\/li>\n<li>Protect your devices with a strong, complex PIN and don\u2019t reveal it to anyone. No one can install spyware if the device is properly locked.<\/li>\n<li>Download apps only from official stores. Although dubious programs occasionally sneak into Google Play and the App Store, you\u2019ll find far fewer of them there than on other resources.<\/li>\n<li>Do not give <a href=\"https:\/\/www.kaspersky.com\/blog\/android-8-permissions-guide\/23981\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">permissions<\/a> to mobile apps if they seem excessive. You can always grant permissions later if they\u2019re genuinely required.<\/li>\n<li>Use a reliable security solution. For example, <a href=\"https:\/\/www.kaspersky.com\/mobile-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____da04049114cf37d2\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security for Android<\/a>\u00a0detects not only malware but legal spyware too, and warns the device owner about it. For information about how to search out stalkerware on your smartphone, and what to do if you find it, see <a href=\"http:\/\/www.stopstalkerware.org\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">http:\/\/www.stopstalkerware.org<\/a>.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kisa-generic\">\n","protected":false},"excerpt":{"rendered":"<p>How paranoid employers and jealous partners can spy on you, and why chip bags are best left to movie heroes.<\/p>\n","protected":false},"author":2509,"featured_media":31895,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1788,2683],"tags":[43,45,3182,715,714,3181,812],"class_list":{"0":"post-31894","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-threats","9":"tag-privacy","10":"tag-smartphones","11":"tag-spouseware","12":"tag-spying","13":"tag-spyware","14":"tag-stalkerware","15":"tag-tracking"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/smartphone-spying-protection\/31894\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/smartphone-spying-protection\/18352\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/smartphone-spying-protection\/15230\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/smartphone-spying-protection\/7332\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/smartphone-spying-protection\/20059\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/smartphone-spying-protection\/18418\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/smartphone-spying-protection\/16807\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/smartphone-spying-protection\/20821\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/smartphone-spying-protection\/19578\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/smartphone-spying-protection\/25939\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/smartphone-spying-protection\/7512\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/smartphone-spying-protection\/13568\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/smartphone-spying-protection\/13837\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/smartphone-spying-protection\/12613\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/smartphone-spying-protection\/21801\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/smartphone-spying-protection\/10567\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/smartphone-spying-protection\/26466\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/smartphone-spying-protection\/24755\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/smartphone-spying-protection\/20773\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/smartphone-spying-protection\/25640\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/smartphone-spying-protection\/25472\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tracking\/","name":"tracking"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/31894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2509"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=31894"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/31894\/revisions"}],"predecessor-version":[{"id":35474,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/31894\/revisions\/35474"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/31895"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=31894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=31894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=31894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}