We may earn commissions when you buy from links on our site. Why you can trust us.
Mobile Security Apps Perform Dismally against Spyware
Mobile spyware can have a devastating effect on your life; the constant fear that a spouse, significant other or even employer is following your every move, knows everything about your life and has completely removed any vestige of privacy. (If you have any doubt about this, read the comments from readers from our March 2012 story on mobile spyware).
And spyware is not as rare as you may think. According to mobile security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual. Sophos reports a similar .2% infection rate from spyware. If those numbers hold true for Android users in general, that would mean tens of thousands could be infected.
I set out to test the leading Android anti-malware vendors to see how they fared at protecting us against the threat of spyware. Spyware apps I used for this test go far beyond basic location trackers or “find my phone” services. While features varied, all the apps I tested performed a combination of highly intrusive monitoring techniques, including recording of calls, remote camera image capture, downloading of SMS messages, downloading of photos and videos, downloading of contacts, remote microphone activation, and recording and tracking of websites visited. You can find out more about how I define spyware, how I picked the spyware apps and how I tested in the FAQ below.
The results, generally speaking, were dismal. Of twelve products I tested, none was able to detect more than two-thirds of the samples. Many missed half or more of the spyware apps. And, surprisingly, the potential spyware apps least likely to be detected were those widely available in Google Play.
And this isn’t just an Android issue. I was able to easily install spyware on an iPhone 3GS, with essentially the same functions as on an Android phone. The only difference between the iOS process and that of Android was that I was required to jailbreak the iPhone (modifying the operating system to get past the built-in security controls) first. Nonetheless, the full process took less than an hour.
I was unable to test anti-malware for iOS devices because there isn't any; Apple’s restrictions on what apps sold within iTunes can do prevents effective anti-malware products. However, the iOS app from Lookout did warn that the iPhone was jailbroken—a pretty clear indicator something may be up with your phone.
BlackBerries using operating systems older than BB10 are susceptible to the same spying risks. I successfully ran Mobistealth on a BlackBerry Torch and the (very) limited security choices available in BlackBerry World—NQ Mobile and McAfee—were unable to detect it.
Read my recommendations below for advice on how to protect yourself.
Summary of the results
Across the board, overall performance was far lower than I expected. The best anti-malware applications in our testing (Avast Mobile Security, Norton Mobile Security, Trend Micro Mobile Security, and TrustGo Security) only picked up six of our nine samples, a 66% detection rate. In any other malware detection testing, this would be considered dismal. The worst (ESET Mobile Security and NQ Mobile) only caught three of the nine, a 33% detection rate. Kaspersky Mobile Security, McAfee Antivirus & Security, and Sophos Security fell in the middle of the pack.
[UPDATE 9/24/15: TrustGo Security appears to no longer be in business. While the app is still available in Google Play, you should not download it as neither the app nor malware definitions are being kept up to date.]
While it’s difficult to make statistical conclusions for how these programs would fair against a larger sample of spyware apps, the fact is the spyware apps tested should have been easy hits for the security companies. Each has been around for quite some time (years in many cases), and has either been reported in the media or is easily available via a Google Search. Plus, each app tested was already flagged by at least one security vendor as malware. And, counter-intuitively, the spyware apps that were most likely to be missed were those that are either currently available in Google Play or were in the past.
So why the poor showing? I spoke to representatives from half of the anti-malware companies included in the test and there seems to be a fundamental disconnect between how they identify which apps categories to focus on and where the real risks lie for U.S. smartphone owners.
First, there seems to a strong bias by security vendors (especially those based outside the U.S.) towards focusing on apps that are available through foreign app markets, where many of the newest malware risks originate. The problem is that most U.S. smartphone owners are unlikely to download an app from a Russian or Chinese app store, so covering these apps does little to protect us. And since spyware programs are usually downloaded directly from individual vendors, not through an app store, these products are missed entirely by many security vendors.
Second, security companies are not capturing as many spyware risks as they should because of their philosophy of classifying this type of software as “Potentially Unwanted Apps” (PUA). Since, the argument goes, PUAs require someone to manually install it and agree to the terms, and since PUAs could have (legally) valid uses, such as parental tracking, employee monitoring (with, presumably, informed consent) or tracking down a phone thief, these apps are not included in the threat databases, regardless of how dangerous they could be in the wrong hands. The presumption of valid use is a major pitfall to proper detection of threats. And more than one security company told me they also had liability concerns about identifying PUAs as “malware”—instead waiting for Google or another security company to take the first step in classifying the app before they did so as well.
A more robust approach for security companies would be to identify PUAs during scans as potential malware so users can make their own determination about whether the app is wanted or not.
I spoke to many of the security vendors after the testing about the results for their product. Reactions were mixed. Most I spoke with showed a desire to develop a more robust methodology. Others, clung to the notion that potentially legitimate apps should not generate warnings—hopefully, shedding some sunlight on this topic will cause them to reconsider their position.
Why my test results are different than other anti-malware tests
Many of the anti-malware programs performed well in overall anti-malware testing from anti-malware testing lab AV-TEST, yet did poorly in my spyware-specific tests. How did these programs get such high detection rates when they seemed to be largely ignoring the spyware threat?
The reason became obvious when I looked more deeply into the methodology. AV-TEST, one of the most well-known testers of anti-malware solutions, only tests Android security programs with “malicious apps discovered in the last 4 weeks.” The spyware apps I tested have been available for months or years.
I reached out to AV-TEST to get the rationale behind the methodology.
According to Maik Morgenstern, Chief Technology Officer of AV-TEST, “Android malware is very short-lived. If malware makes it for example into the Google Play Store it will usually be removed after a few days. Also if an anti-virus vendor detects a certain malware sample, it is usually shared with other vendors so that in a few days most users are protected from this malware sample...So testing [old malware] would give a false impression of the real protection level, where protecting against relatively new samples counts."
Obviously, this did not match what we saw with our spyware testing, so I asked him how AV-TEST handles spyware, specifically.
“PUA/PUP/Adware/Spyware whatever you call it, is another story. Some vendors decided to not detect those as they are not necessarily a threat...The question is where do these apps cross the line? And this is very difficult to say. Therefore we are testing against PUA/PUP in our tests but don't publish the results until a consensus has been reached in the industry. Else we would hurt certain vendors that deliberately decided to not detect those apps for good reasons.”
In short, the industry is broken when it comes to spyware. Because security vendors can’t agree to classify spyware as malware, testing organizations ignore it in their evaluations. The result – protection rankings that don't reflect the true risks faced by U.S. mobile phone users. It’s time for the industry to take a stand and agree that apps that can be used to intrude your privacy should be identified in malware testing, even if they may have legitimate uses, as well.
Recommendation for smartphone owners
To keep your phone from being compromised, always use a strong password on your lock screen (one that a potential spy close to you wouldn't guess). It’s also helpful to check to see if you have USB Debugging Mode turned on in Android (it’s off by default), which would allow someone to bypass the lock screen to install apps. If it’s on, that’s a bad sign, and you should turn it back off or do a factory reset of your device.
Given the poor showing from all of the anti-malware vendors, Android owners concerned about spyware on their phones should use a combination of security apps to scan. I would recommend Webroot SecureAnywhere, which did a better job than most at finding spyware apps from Google Play (though it did a poor job elsewhere), plus either Avast! Mobile Security, Norton Mobile Security or TrustGo Security. For the purposes of spyware detection, paid apps showed no benefit over free apps (and, in general, actually performed worse).
While there is no way for iPhone owners to directly scan for spyware, installing spyware on an iPhone requires the phone to be jailbroken. So a security app like Lookout Security that warns if your iPhone is jailbroken will do the trick. A jailbroken iPhone can be fixed by upgrading to the latest iOS release.
[UPDATE 12/16/14: since this article was written, certain holes were identified in iOS that exploit the iPhone's connection to trusted networks and devices to allow someone with access to the network or device to download significant amounts of personal data. Jailbreaking the iPhone was not required. Fortunately, those holes have been patched in iOS 8. For more information, see: http://www.zdziarski.com/blog/?p=3820]
BlackBerry owners are mostly out of luck. Your best bet if you suspect you are being spied on is to do a factory reset of your phone.
I didn't test Windows Phone because of the very low ownership rate and, fortunately for Windows 7 & Windows 8 phone owners, difficulty finding spyware apps to test. Similar to BlackBerry, if you strongly suspect your Windows phone may have been compromised, a factory reset will likely resolve the issue.
Detailed testing results
The following nine applications that have the potential to be used as spyware were tested. The chart lists the commercial name, the app name that will appear in the running apps list and whether or not the app is available through Google Play (or, to the best of my knowledge, was formerly available).
Commercial name | Application name | Google Play? |
---|---|---|
Kidlogger | Kidlogger | No |
Mobile Spy | SIM Toolkit | No |
Mobistealth | Lookout Secur | No |
MobiUcare | MobiUcare | Yes |
PDA Spy | Zend Setup, Invisible | Formerly |
Phone Control | Android Manager | Formerly |
SMS Tracker | SMS Tracker | Yes |
Spytic | com.android, preference.help | No |
Theftspy | Android Framework | Formerly |
Avast! Mobile Security
Hit rate: 6 of 9
Allows ignore: No
Spyware detected: Kidlogger, Mobile Spy, Mobistealth, PDA Spy, Phone Control, Spytic
Spyware missed: MobiUcare, SMS Tracker, Theftspy
AVG Antivirus Security
Hit rate: 5 of 9
Allows ignore: Yes, with no “unignore”
Spyware detected: Kidlogger, Mobistealth, PDA Spy, Phone Control, Spytic
Spyware missed: Mobile Spy, MobiUcare, SMS Tracker, Theftspy
Bitdefender Mobile Security
Hit rate: 4 of 9
Allows ignore: No
Spyware detected: Kidlogger, Mobistealth, PDA Spy, Spytic
Spyware missed: Mobile Spy, MobiUcare, Phone Control, SMS Tracker, Theftspy
Eset Mobile Security
Hit rate: 3 of 9
Allows ignore: No
Spyware detected: Kidlogger, PDA Spy, Spytic
Spyware missed: Mobile Spy, Mobistealth, MobiUcare, Phone Control, SMS Tracker, Theftspy
Kaspersky Mobile Security
Hit rate: 4 of 9
Allows ignore: No
Spyware detected: Kidlogger, PDA Spy, Spytic, Theftspy
Spyware missed: Mobile Spy, Mobistealth, MobiUcare, Phone Control, SMS Tracker
Lookout Security & Antivirus
Hit rate: 6 of 9*
Allows ignore: Yes, but shows message and user can see ignored app list
Spyware detected: Kidlogger, Mobile Spy*, Mobistealth , PDA Spy, Phone Control, Spytic
Spyware missed: MobiUcare, SMS Tracker, Theftspy
Special notes: Mobile Spy was missed in our first round of testing, but picked up in our second round. This was after I had discussed initial results with Lookout and mentioned Mobile Spy as one of the tested apps (we only discussed three of the nine), so it’s possible Lookout added the protection as a result of our conversation.
McAfee Antivirus & Security
Hit rate: 4 of 9
Allows ignore: No
Spyware detected: Kidlogger, PDA Spy, Phone Control, Spytic
Spyware missed: Mobile Spy, Mobistealth, MobiUcare, SMS Tracker, Theftspy
Norton Mobile Security
Hit rate: 6 of 9*
Allows ignore: No
Spyware detected: Kidlogger, Mobile Spy, Mobistealth*, PDA Spy, Phone Control, Spytic
Spyware missed: MobiUcare, SMS Tracker, Theftspy
Special notes: I discussed this story with Norton prior to commencing and mentioned Mobistealth as one of the apps to be tested.
NQ Mobile
Hit rate: 3 of 9
Allows ignore: No
Spyware detected: Kidlogger, Mobistealth , SMS Tracker
Spyware missed: Mobile Spy, MobiUcare, PDA Spy, Phone Control, Spytic, Theftspy
Sophos Security
Hit rate: 5 of 9*
Allows ignore: Yes.
No indication apps have been ignored. Ignore reset buried in separate menu.
Spyware detected: Kidlogger*, PDA Spy*, Phone Control, Spytic, Theftspy*
Spyware missed: Mobile Spy*, Mobistealth, MobiUcare, SMS Tracker
Special notes: Sophos provided a list of spyware apps (but not the underlying apk) to help us identify apps for this story (indicated with *). One they provided, Mobile Spy, was actually not picked up by their scan. This may be due to two spyware apps sharing a similar name or Sophos detecting an earlier version.
Trend Micro Mobile Security
Hit rate: 6 of 9
Allows ignore: No
Spyware detected: Kidlogger, Mobistealth, PDA Spy, Phone Control, Spytic, Theftspy
Spyware missed: Mobile Spy, MobiUcare, SMS Tracker
TrustGo Security (9/24/15: No longer operating - do not download)
Hit rate: 6 of 9
Allows ignore: Yes. Ignored apps buried in separate menu
Spyware detected: Kidlogger, Mobile Spy, Mobistealth, PDA Spy, Phone Control, Spytic
Spyware missed: MobiUcare, SMS Tracker, Theftspy
Webroot SecureAnywhere
Hit rate: 5 of 9
Allows ignore: Yes. Ignored apps buried in separate menu
Spyware detected: Kidlogger, Mobistealth, MobiUcare, SMS Tracker, PDA Spy
Spyware missed: Mobile Spy, Phone Control, Spytic, Theftspy
FAQs
How I define "Spyware"
For my study, I chose to define spyware as apps which capture significant information about an individual that could be used for tracking, monitoring and…well…spying. All of the apps I tested could be remotely controlled by a third party and deliver purloined content to them via a web interface, email or text message.
Just to be clear, these surveillance apps go far beyond basic location trackers or “find my phone” services. While features varied, all the apps I tested performed highly intrusive monitoring, including recording of calls, remote camera image capture, downloading of SMS messages, downloading of photos and videos, downloading of contacts, remote microphone activation, and recording and tracking of websites visited. With the exception of email access, which I wasn’t able to get working with the Nexus 4 I used for testing (though it may work on other devices), a potential spy could monitor every means of personal communication on your device, track your exact location at any time and even listen to your offline conversations. (See Android Spyware Apps: How Dangerous Are They? for additional details on monitoring capabilities)
That is some very, very scary stuff.
Spyware apps, not surprisingly, also do an excellent job at hiding themselves. Most showed no icon on the list of phone apps. The only way to find them was to look in the list of running apps within the Android settings menu. Even there, the apps often attempted to disguise themselves with names that sounded like system processes (e.g., Android Manager, SIM Toolkit, Android Framework) or security services (LookOutSecure).
Some security vendors I spoke with objected to the inclusion of apps such as MobiUcare (available in Google Play) in the test group on the grounds they are intended for the legitimate purpose of finding a lost or stolen phone. And they're right – MobiUcare could be used for legitimate purposes. However, its ability to track location, remotely record audio and take photos without the user being aware, and hide the app icon from the app drawer also make it a candidate for malicious spying.
It is important to note that all of the spyware I tested required someone to have physical access to your phone to install it. While this may make spyware seem to be less of a threat than malware that comes in the form of bad apps you download from an app market, it also reflects the deeply personal nature of the invasion, as someone close to you must be the perpetrator.
How I picked what potential Spyware to test
Since there is no comprehensive database of spyware apps (in fact, there’s not even agreement among the security vendors how to define “spyware”), I decided to use a “real-case scenario” approach to identify the apps for my testing. I took the perspective of a would-be spy and searched for apps using Google search, stories about spyware that had appeared in various media publications and searching the Google Play market. Using this approach quickly turned up a core group of apps for testing.
I supplemented my list with a sample of additional spyware apps identified by Sophos and Lookout. Since including these apps potentially biases the results in favor of those vendors, I indicate in the detailed results where a tested app was identified by the company.
In all, I tested nine apps that met my criteria for potential spyware: Kidlogger, Mobilespy, Mobistealth, MobiUcare Phone Locator, PDA Spy, Phone Control, SMS Tracker, Spytic, and Theftspy.
How I tested
For testing on Android, I used a stock Google Nexus 4 running Android 4.2.2. I changed the security settings to allow installation of apps from unknown sources, but did not root the phone.
Each piece of tested malware was loaded onto the phone and then run against each of the anti-malware solutions. When the anti-malware app gave me a choice, I always ran a “full” scan and checked boxes to scan for Potentially Unwanted Apps (PUAs). I scored the scan as a success if the anti-malware flagged the spyware as malware, PUA or similar designation. Since many of the detected spyware apps were classified as “PUA”, offering users the option to ignore PUA apps seems highly unwise. It would be far better to identify the apps and give users the option to “ignore” them individually.
I also note in the testing when the anti-malware app allows you to “ignore” identified risks and how those ignored apps are displayed in future scans. When it comes to spyware, the ability to ignore risks creates a huge potential hole for spies to hide their activities. If you have existing security software on your phone, the spy could ignore any warning during the spyware install process, effectively hiding the risk from future scans and giving you a false sense of security. One program I tested, AVG Antivirus Security gave no indication a risk had been ignored and no obvious way to see or reset the ignore list. Other apps, such as Sophos, TrustGo and Webroot, bury the ignored risks in separate menus that average users could easily miss. Of those programs that allow ignoring risks, only Lookout handled the process properly, clearly showing in the scan results both found risks and ignored risks.
I used the free version of the anti-malware apps for the testing unless the paid version offered additional protection features. Though each of the apps offers a wide variety of features, the scope of the testing was purely to focus on the spyware detection capabilities.
Discussion
I also know my Chinese phone is infected out of the box. The phone is not rooted so I can’t uninstall the malware yet. Of course it would be the best to root and uninstall the malware apps. I will, when I know how.
I tried all these mentioned apps above, but none of them found the infected apps!!
Now I did found some solution/app to make sure there is no information from my phone sent to anybody I don’t trust.
This app is ‘noroot firewall’. It will block all internet trafic of all apps in the first place, and you can decide if you want to allow an app to access the internet or not.
The app works by setting up a VPN connection. I don’t know if I can trust this app, but I also did not find any bad reviews on the web.
So I guess I can trust this app.(for now)
One thing is for sure. It does a good job in blocking internet access for the malware on my phone.
I started to go through the list of apps listed ^^ (Can you update this?) as I too, unfortunately have had enough reason to suspect the X of sending me MMS messages that have been launching a mobile spy program… he’s done it numerous times. This morning’s tipoff was the Mobile Network Not Found and stayed as such until I rebooted my phone. This phone, and several before it have been showing all of the classic examples… rapid battery drainage, spikes in data usage, calls dropped, the phone coming on without touching it, text messages received from unknown users with bitly urls., etc. So, in looking through all of the apps on the phone, there is in fact, SIM Toolkit. Is there any way to cipher if this is Mobile Spy? It has a huge list of “Permissions” up to and including “TRANSPORTING_CALLER_NAME” “UPDATE_MUTE_STATUS”, “change network connectivity” etc. And, if it is in fact Mobile Spy (Last June, the X even had the audacity to “accidentally” forward me an email about a special MobileSpy was having) and if so, what do I do next from a prosecution standpoint? BUT, if this is a part of the Lollipop OS on Samsung, it sure as heck is able to do a lot of subversive things - and at this point just need to know if he’s genuinely guilty, or if I’m a victim of one too many he’s done it before… HELP?
There is an app called SIM Tookit in Lollipop, so can’t tell just from the name (if you see two SIM Tookits, that’s a flag). The best thing to do is run one of the antispyware apps above that were able to detect SMS Tracker to make sure. I actually recommend downloading at least TWO of the programs, to have a better shot of picking something up.
If there is spyware, unfortunately, it is very difficult (if not impossible) to prove who put it there. Though you could consult an attorney or law enforcement (FBI may be more helpful than local as a violation of federal wiretapping laws, though I suspect not). In any case, if you are concerned about spying, the best thing to do is a full factory reset of your device. That should eliminate any spyware.
I have yet to see any spyware that can be installed without physical access to a device, so don’t allow your ex to use your phone (obviously) and set up a lockcode no one else knows to prevent access should someone else get their hands on it.
Thanks for the reply. There seem to be a few apps out there that can be installed via mms executables/api’s, including MobileSpy. I’ve got two security apps running, disabled the trusted certificates (many of which were foreign) and have done all that I can think of… divorce seal was freshly branded, but that’s not to say years of X’s beahvior get wiped clean instantly. Keep this page up to date, I’ve referenced ita number of times as have others. thanks and stay vigilant peeps.
I have never seen spyware that can install itself via MMS (and I’ve been looking). MobileSpy requires direct access to the phone to install - see: http://www.mobile-spy.com/android-ms7.html.
In fact, beyond direct access to download and install, MobileSpy (and any other spyware app that doesn’t come through Google Play) also requires changing your phone’s default security setting to allow apps from “Unknown sources”, which can only be done directly on the device through the Settings menu.
What about all the frequency pairing spyware that does not require physical contact like this: http://www.remotecellspy.com/
A site rife with grammatical errors and ZERO screen shots of the actual app or any details about how this supposedly magical technology gets installed on your phone or the target device? Is there a support page? No. Install instruction page? No.
If you buy this, you will lose your money and get nothing. Total scam.
Here’s a report from ripoffreport.com referencing another name this scam operates under (the same used by the Contact Us on Remote Cell Spy): http://www.ripoffreport.com/r/Mobile-Monitoring-Elite-Remote-cell-spycom/nationwide/Mobile-Monitoring-Elite-Remote-cell-spycom-Kelsey-is-the-name-in-my-emails-I-got-from-t-1170062
Sir,
Thanks for the all information which you provide here. Actually this is the best ever article which I read about Mobile security as of now. It explain every thing without doing any partiality. Thanks For that and Keep up the good work. I would like post one request from you..Please include Dr. Web mobile security for your next test. I read once that is a great security app which doing its job very silently.
Best regards
My ex has someone tracking me, reading my emails and texts, listening to my calls, deleting information on my phone, changing contact information and then they report back to him. These people have hacked into every account I have. They know when I am gone and come into my apartment and take food and any other items they want. Items from my car have been taken also. They have taken all my personal information and this has been going on for over a year. They have stolen thousands of dollars of items. They never leave any evidence or show any forceable entry. Please contact me by email so I can go into more detail. I have an iPhone 6 and I am at my wits end. I am hoping you can help me. Thank you.
I’ve been living this hell for several years. I cannot tell you how many phones, computers, email accounts I’ve gone through to get just a moment of privacy/security before I’m right back where I started…complete infiltration/ spy ware….whatever.
I’d love to know what steps you’ve taken….is there hope?
but if you do. like Susan, you are probably a victim of organised stalking. the covert home entry is a classic part of it. sometimes comes under the title of ‘gaslighting’. im a victim myself
research it but be aware there is a HELL of a lot of disinformation on the subject.. which is how you know its veracity. look into ‘ella free’‘s channel on youtube. she is for real and interviews victims going through the same ordeal. its crazy but unfortunately, very real indeed
also not certain about some of these things needing physical access to install. but im not the expert so i’ll defer for now. great article, regardless
Hi,
I am a toronto realtor who is being stocked by individuals who follow me from home to work and every place I go. I believe my ex-husband is behind the harrassment. I also believe that it is through my iphone text messages, etc. that I am being tracked down. It is terrifying.
My question:
Would my problem cease if I were to purchase a new phone device, but still keep the same telephone number???
I was told in the recent past, that even if I purchase a new phone device, my problem would persist if I keep the same telephone number, since the phone number is what was targeted by the criminal stockers….please advice.
Thanks,
Ana
my friend is confused that is it possible to check whatssaap, IMO chat and call history because he is talking with his brother in law and her husband doubt on my friend and he said her husband said he have a whatsaap call history chat record so thtas why my friend is worried so is it possible or her husband just talking false?
I understand that this is an old post, but I have to comment because it is the first truly relevant result from my many searches on the subject. My countless attempts at searching out information on this subject matter consistently produce completely irrelevant, outdated or worthless search results. I find the majority of links (despite what the search engines list summary describes) lead to various spyware product reviews and comparisons, product sales and support, etc… It’s all about promoting, advocating the product and legitimizing it’s use and any such practices in the public eye. Any negative aspect is trivialized or mocked (in my mind) with shallow, naive, simple minded, worthless fluff. What this says about the society and culture of our world is no doubt disturbing. Even more disturbing for me is the fact that I’m not at all surprised. I am experienced.
Your observations mirror my reasoning for writing this article in the first place. This is a major area of sleaziness that is poorly covered and has not been taken seriously by a large portion of the antimalware community.
I certainly appreciate a little validation for a change. As far as I’m concerned Google, Bing, etc. are far too complicit in all of this.
It’s amazing how the modern generation seems to be overly geared for tolerance and dumbing down even as their egos swell with a sense of superiority and sophistication that will surely bring peace to the middle east and save the world!
I mean look at all those geniuses over at Google… so much effort and algorithmic consideration is spent on second guessing my intended search subject or the relative requirements for information of any specificity. Instead they’ve built some sort of fuzzy logic around that greatest of white elephants in the room MONEY, PROFIT and CONSUMER MARKETING (three elephants?)
These days I feel as if any serious online querying or research is more akin to impulse shopping for data. Not only does that not make any sense, but it also keeps me occupied for hours on end! Apparently the store has heard of the product I’m looking for, but if there is any in stock I’ll never find it. Instead I end up buying some beef jerky and a copy of Penthouse just for the sake of not coming home empty handed.
Can you please update and revise this as it’s misleading. This page still shows up as one of the top results when you type android anti spyware. I did my own tests using anti spy mobile and it got all potential spy apps like cerberus, prey anti theft, surveillance apps, couple tracker and more, didn’t miss any. I also used incognito anti spy and it detects all commercial spy apps like mspy. This page makes people believe anti spyware is less effective than it is and has them either use bad apps or avoid it altogether.
Can you please update this and include the spy apps I recommended namely anti spy mobile. I bought a phone and never did a spyware scan because this page convinced me they didn’t work. Luckily there was nothing on it but I didn’t know how powerful these things are. Some can survive factory resets. Many others may come across this and think the same.
My recommendation is pretty clear in the article: “Given the poor showing from all of the anti-malware vendors, Android owners concerned about spyware on their phones should use a combination of security apps to scan.” I don’t see how that could be read as “you shouldn’t do a spyware scan at all”. While this article is now pretty dated, that advice has not changed.
The apps used in this paper don’t work. The article presents itself as all anti spyware apps as not working. The “combination of apps” would be assumed by readers to be the ones you recommended here, not third party ones never mentioned. You should’ve said to try other apps in the play store. You were recommended this app in the comments.
The apps above all worked to some degree - some, obviously, better than others. Scanning with a combination of apps will make things better by eliminating a portion of the holes (both ones I identified and others that are likely out there). It’s not ideal, but far better than nothing.
I don’t recommend people randomly try security apps in the play store. There are far too many bogus apps out there, some of which can create privacy or adware issue of their own. And users have no way of knowing whether any app will work better than the apps listed above (if they work at all). Anti Spy Mobile was one app that I didn’t include in the the original article, but which did well in later testing against this particular list of spyware apps. Though I haven’t evaluated how well Anti Spy Mobile would perform against the wider range of mobile attacks that now exist (see https://www.techlicious.com/tip/how-to-tell-if-your-phone-has-been-hacked/). For the greater breadth of protection, I have more confidence in the security apps from folks like Lookout.
One final question. Please answer it I don’t mean to offend you. There are plenty of Updates in this article one being from september 2015 and you regularly comment. Have you been redoing these tests occasionally during these updates when you come back and add something, editing the results. Or are the results from when you first wrote this and you don’t update them.
The big challenge with this test was determining which spyware programs to test (there are many out there, so I tried to those “most likely” to be used by a typical person. And given that these are the among the most popular, they should have been the ones anti-malware apps would pick up. The fact they didn’t was disappointing.
However, once this test was run and the results given to the vendors most, but not all, immediately updated their detection records to pick them up, making retesting with this group of apps useless. It would be interesting to come up with a different spyware mix and retest the vendors, but haven’t had time to tackle it. There are also new attack vectors beyond direct app install that are harder for us to test.
FWIW, at the time this was written in 2013, the use of lockcodes on phones was less common than it is today (I say that anecdotally, as I don’t have stats to support it). All of the spyware apps above required direct access to a user’s device, so could be easily prevented by having a lock code and not allowing anyone else to access your phone. Once you allow that access, all bets are off.
Let me clarify on why people will believe anti spyware apps don’t work. All of the anti spyware apps failed to detect the EXACT SAME 5 or 6 spyware. If all the apps fail to detect the EXACT SAME spyware that tells you anti spyware apps don’t work.
Combinations of apps won’t matter either as it appears like all anti spyware fail to detect the same apps, which is dangerous and untrue. So you really should clarify this and add these new apps.
Thanks, hope you understand and waiting to speak with you again.
Respectfully James richardson.
My phone is hacked by anyone..he hacked my call record images and everything….how i can i protect my phone…what can i do to safe my phone
Can you advise me on what to do ive had spyware for years its really really extreme iv had all payed antivirus but there useless iv had 14 brand new phones and email adds phone numbers and tablets but still have it i am almost certain my id has been stolen,all i have is debts and threats ive lost my family and friends they think im textin stuff to them i think my neighbours could get robbed and so much worse i swear it can track my car when i dont have my phone with me,reroute my calls redirect web sites link to anything anyone easy whatever distance away it records broadcasts videos use my phone omore than me unlock with my face when cameras are coverd it rings ppl gets my contacts its privileged users it can kill my battery or charge it in a min works with no battery in and no one will look at it iv been sectioned and im really struggling iv got no one or nothing to take so its gona spread or somet and i dont wana be responsible for ppl losing everything i darnt mention it plz if you look ul be glad you did its huge its not reported but its dangerous to everyone i promise i have proof i could send xx i probs wont get a reply by email it wont be there so i dont know what to do all it wud take is a look ive 265 critical exploits i know stagefright is a huge prob its coming back itl ruin tech its impossible its terrorfyin x
I was using my sister’s hot spot and ...now I don’t know if this is why but,let me explain. My photos from my phone popped up on my roommate laptap. I have never paired with that device. How did she get my photos on her laptop?
Most spyware detection apps don’t work very well. This is because they use a matching list of “known” spyware signatures for detection. New spyware is never caught, and even with periodic list updates 100% is never achieved.
SpyWarn.com uses a different approach. It evaluates what your phone is actually doing, subjectively and technically. Since all spyware is doing something - over and above your normal usage - it makes all spyware easy to spot.
It won’t tell you the type of spyware, but you can evaluate whether you have a problem, or not.
For technical reasons, there is only an Android version of this app.
iwant my cell phone back to normal and Stop hacking because I want my file back and I want to contact my family so pls help me because somebody hacked my cell phone
Read More Comments: 1 2
From Jennifer on May 11, 2015 :: 12:38 am
Where do I begin. My boyfriend is very knowledgeable when it comes to computers and phones and I’ve seen him hack a signal and access people’s personal computers. I know my phone is hacked but I also know he takes extra steps to avoid detection. My phone is doing everything a hacked phone would do. I have many questions but my main one would be if he knows my IP ADDRESS and Mac address etc…can he access computer and devices no matter what? If possible I would like to email more specific information and questions.
Reply