



A recent study found that many popular smartphone spyware apps are not only difficult to detect and remove, but also have poor security, potentially exposing sensitive personal information.

A team of computer scientists in New York and San Diego examined 14 leading spyware apps for Android phones as part of their research.

They found that although Google does not allow these types of apps to be sold in its app store, Android smartphones often allow them to be downloaded via the web.

iPhones don’t allow this practice, which researchers call “sideloading.” As a result, consumer spyware apps there tend to be limited and less invasive, the scientists say.

The researchers said they disclosed all of their findings to the affected app vendors, but received no response by the time the paper was published.

The paper, entitled “No Privacy Among Spies: Evaluating the Functionality and Security of Consumer Android Spyware Apps,” will be presented this summer at the Privacy Enhancing Technologies Symposium in Zurich, Switzerland.

Enze Liu, lead author of the paper and a Ph.D. I think,” he said. From UC San Diego today.

Spyware apps run on devices, often without the owner’s knowledge, and can collect sensitive information such as location, texts, calls, audio and video, researchers say.

Abusers can use these apps to spy on spouses and partners, and only need temporary physical access to the device to install the spyware.

A study during the COVID-19 pandemic found a dramatic increase in the use of spyware apps.

The researchers cited one study from Norton Labs, which found that the number of devices reporting spyware apps, or “stalkerware,” in the US increased by 63% between September 2020 and May 2021.

A similar study by Avast in the UK found that the use of spyware apps increased by 93% in January and February 2021 compared to the same period the previous year.

Spyware apps sell for between $30 and $100 per month.

The apps can live stream video, activate the phone’s microphone, and more, using an invisible browser. The researchers found several that can record keystrokes by abusing phone accessibility features intended for blind people.

Some accepted commands via SMS messages but never checked whether the text came from the real user, even though they were able to remotely wipe the victim’s phone.

These apps can also hide on a person’s smartphone by appearing as a “Wi-Fi” or “Internet Services” icon.

This app launcher for Android phones displays app icons. The Spyhuman app installs itself as a harmless looking Wi-Fi icon. (University of California, San Diego)

In addition to the invasive techniques, researchers found that many apps were poorly secured, using unencrypted channels or storing data at public URLs.

Researchers found an authentication vulnerability in one app that allowed access to data for all accounts, and four apps did not delete data when users deleted their accounts or their app licenses expired. One app continued to collect data after the free trial period ended.

Meanwhile, many apps prevented the user from uninstalling them, or automatically restarted after being shut down.

Researchers recommend that users check their smartphone’s privacy dashboard and the list of all the apps they have installed, and use a dashboard that lets them monitor apps that start automatically on their own.
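As an added illustration of that kind of review (not code from the paper or from this article), the Python sketch below cross-checks two signals the researchers describe: apps that did not come from Google Play and apps holding an enabled accessibility service. It assumes text captured with `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services`; the sample data and package names are constructed, and a match is only a prompt for manual review, since legitimate screen readers also use accessibility services.

```python
# Added example: triage of third-party Android apps for two signals from the article.
# SAMPLE_* values are constructed; they mimic the assumed output of the two adb commands.
import re

PLAY_STORE = "com.android.vending"  # installer package name used by Google Play

SAMPLE_PACKAGES = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.wifi.service  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.screenreader  installer=com.android.vending
package:com.example.sideloaded.game  installer=com.google.android.packageinstaller
"""
SAMPLE_ACCESSIBILITY = "com.example.wifi.service/.SyncService:com.example.screenreader/.Reader"

def parse_installers(text):
    """Map package name -> installer package (None when no installer is recorded)."""
    out = {}
    for m in re.finditer(r"^package:(\S+)[ \t]+installer=(\S+)[ \t]*$", text, re.M):
        out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def parse_accessibility(setting):
    """Return packages owning an enabled accessibility service (colon-separated pkg/class list)."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def triage(packages_text, accessibility_setting):
    """Return {package: [reasons]} for apps that deserve a manual look."""
    a11y = parse_accessibility(accessibility_setting)
    findings = {}
    for pkg, installer in sorted(parse_installers(packages_text).items()):
        reasons = []
        if installer != PLAY_STORE:
            reasons.append("not installed via Play Store")
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if reasons:
            findings[pkg] = reasons
    return findings

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PACKAGES, SAMPLE_ACCESSIBILITY).items():
        level = "HIGH" if len(reasons) == 2 else "review"
        print(f"{level:6} {pkg}: {', '.join(reasons)}")
```

An app that shows both signals, like the constructed `com.example.wifi.service` entry, is the one to look at first.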

They say Android should enforce rules on which apps can hide their icons, and phones should periodically notify users about apps with an excessive number of permissions. Anything with access to sensitive data should also be added to the phone’s privacy dashboard, the researchers said.

Other interventions they suggest include action by payment companies such as Visa and PayPal, governments, and possibly law enforcement.

More spyware apps appear to be developed in China and Brazil, so researchers say more research into the supply chain is needed.

“All these challenges highlight the need for a more creative, diverse and comprehensive set of interventions from industry, government and the research community,” the researchers wrote.

“Technical defenses may be part of the solution, but the scope of the problem is much greater.”

