Mobile Spyware—How You Can Keep Stalkers Off Your Phone | McAfee Blog
When you wind up with mobile spyware, you may wind up with a stalker on your phone.
In its most malicious forms, mobile spyware can steal information like text messages and photos, capture passwords as you tap them in, secretly turn on your microphone or camera for recording, and track your movements using GPS.
Figuratively speaking, it’s like going about your day with a stalker peering over your shoulder.
If that doesn’t sound creepy enough, it can get worse. More than just providing attackers with a live feed of your activity, spyware can record and archive your actions. From there, it can “phone home,” meaning it sends stolen information back to cybercriminals so they can hoard it for later use.
That stolen information can lead to identity fraud and theft, such as when a cybercriminal raids your existing bank accounts, sets up entirely new lines of credit in your name, or impersonates you in several other ways. In darker scenarios, stolen photos, files, and information can lead to blackmail and harassment.
Without question, a case of mobile spyware can get serious quite quickly. Yet, it is highly preventable when you know how it can end up on your phone—and the steps you can take to keep that from happening.
How do phones get mobile spyware?
Malicious apps. They account for much of mobile spyware today.
Whether they’re downloaded from a third-party app store or even from Google Play or Apple’s App Store, the ruse remains the same: a malicious app poses as legitimate app. These apps may present themselves as games, wallpapers, productivity apps, exercise apps, utility apps, and even security apps. Instead, they’re loaded with spyware.
Google Play does its part to keep its virtual shelves free of malware-laden apps with a thorough submission process as reported by Google and through its App Defense Alliance that shares intelligence across a network of partners, of which we’re a proud member. Further, users also have the option of running Play Protect to check apps for safety before they’re downloaded.
Apple’s App Store has its own rigorous submission process for submitting apps. Likewise, Apple deletes hundreds of thousands of malicious apps from its store each year.
Yet, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially innocent and then push malware to users as part of an update. Other times, they’ll embed malicious code such that it only triggers once it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.
Unique to Android phones, Android gives people the option to download apps from third-party app stores. These stores may or may not have a thorough app submission process in place. As a result, they can be far less secure than Google Play. Moreover, some third-party app stores are fronts for organized cybercrime gangs, built specifically to distribute malware, making third-party download that much riskier.
Other ways spyware can end up on your phone
Someone can install it directly.
In this case, a bad actor needs physical access to your phone. If they know the passcode or if the phone is unlocked, they can tamper with the phone’s settings and install the spyware themselves. This requires access, time, and effort, yet some bad actors certainly take this approach.
Surprisingly, we’ve also seen cases where malware comes pre-installed on phones. A recent case estimated that some 9 million smartphones had spyware installed in them somewhere along the supply chain. Reportedly, the spyware could steal personal information from the phone or possibly take it over entirely for a short stretch of time.
You can spot signs of tampering on an Android phone by heading to Settings and searching for “Install Unknown Apps.” If you see any sources that you didn’t set to the “On” position or a third-party website you don’t recognize, it indicates that apps from outside official app stores could have been installed in the device. Such apps are generally riskier than apps from official sources like Google Play. While not an outright indication of spyware, you should set those to “Off.”
On an iPhone, directly installing spyware takes a bit more effort. Typically, it requires “jailbreaking” the phone. This process tampers with the operating system and removes software restrictions so the iPhone can access third-party app stores and download unapproved apps. Both are highly risky activities and the reason why Apple’s iOS enforces such restrictions in the first place.
Put plainly, “jailbreaking” is not safe.
In the hands of bad actors, they can install an app called “Cydia” on a jailbroken iPhone. Cydia is an unapproved app store that offers potentially dangerous modifications and apps. If you spot Cydia on your iPhone, it’s certain sign of tampering.
The signs of mobile spyware
Not long ago, you could often see or even feel if your smartphone was infected with spyware. It could run hot, like it was left out on blanket at the beach, because the spyware ate up computing cycles while it ran in the background. It could drain batteries or lead to sluggish performance. That’s not always the case anymore. Spyware has become leaner and more efficient in recent years, so cybercriminals can better mask their attacks.
Some signs that are better indicators of spyware include:
Spikes in data use.
Whether through your phone’s data connection or through a Wi-Fi connection, unexpected increases in usage could be a sign that your phone is communicating with a third party.
Difficulty logging into your accounts the first time.
A phone infected with spyware may communicate your activity to a third party, rather than to the legitimate login. The legitimate site or service never receives the first login attempt, forcing you to log in again.
Difficulty logging into your accounts at all.
This may be a sign that a cybercriminal already hacked your password, logged in under your name, and then changed the password to one of their own. (Note that this could also be a sign of a compromised or stolen password and not necessarily a sign of spyware.)
Other apps like antivirus and online protection software get shut down.
Some types of spyware can gain administration-level privileges to your phone and drop its defenses, leaving you yet more vulnerable.
You spot signs of fraud or theft.
Above we mentioned how cybercriminals use spyware to gain login credentials to banks and credit cards, and even steal personal items like files and photos. If you spot any unusual activity or find yourself threatened with demands, it’s possible that spyware could be a possible cause among others.
Seven steps to protect yourself from mobile spyware
1. Update your phone’s operating system.
Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried and true method of keeping yourself safe—and for keeping your phone running great too.
2. Avoid third-party app stores.
As mentioned above, Google Play has measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may very well not, and they may intentionally host malicious apps as part of a front. Further, Google is quick to remove malicious apps from their store once discovered, making shopping there safer still.
3. Review apps carefully.
Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
4. Go with a strong recommendation.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
5. Keep an eye on app permissions.
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that requests access to your camera or microphone, it might be a scam. On Android, recent spyware usually requests REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission to execute the malicious behavior in the background. If you see behaviors like these, delete the app.
6. Tidy up.
Remove old, unused, and underused applications that could be future vectors of attacks.
Along this line, we’ve seen where mobile applications change ownership (whether they get sold or others take over its operations), and the new owners don’t have the same standard operating procedures as the founders.
7. Lock your phone—and keep an eye on it too.
As mentioned above, some bad actors will install spyware on phones themselves. However, this requires access, time, and effort to pull off. Locking your phone and always keeping it close can help prevent bad actors from infecting your phone this way.
8. Protect your phone.
Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do.