There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method.
There’s no need to even resort to Tor Browser or other darknet activity either – all you need to do is type something like “android spy app” into Google.
They are called ‘commercial’ because anyone can buy an app like this for just a few dollars.
Kaspersky Lab mobile products detect this sort of commercial Android spyware as not-a-virus:Monitor.AndroidOS.*. According to our telemetry, the popularity of these apps has been growing in recent years:
Unique users attacked by not-a-virus:Monitor.AndroidOS.*, 2016-2017
That’s why we decided to take a closer look at this controversial type of mobile software.
Features
Almost all commercial spyware apps are installed by manually accessing the target’s phone, and this is the only big difference between these apps and classic malicious spyware like DroidJack or Adwind. Customers have to download the app, install it and enter credentials that are received after purchasing. After that, the spying app becomes invisible on the phone. Installation usually only takes a couple of minutes.
Regular installation process (https://tispy.net/install-guide.html)
Some of these tools use device admin features to gain persistence and self-protection on the target’s phone.
So what does the customer get? Features may vary, but some of them are present in almost all these kinds of apps:
- Stealing SMSs
- Stealing calls (logs/recordings)
- GPS tracking
- Stealing browser data (history/bookmarks)
- Stealing stored photos/videos
- Stealing address books (with emails and even photos sometimes)
And if you’re still not impressed, then check out the actual feature lists (in addition to the above) of some popular commercial spyware for Android. We have added the infamous Pegasus APT and Droidjack spyware to our comparison table below to show the difference in features between them and monitoring apps. Pegasus is an advanced persistent threat, created by NSO Group. Droidjack is an RAT that was sold some time ago for a $210 lifetime license. This tool is more akin to TrojWare, because of features such as remote installation and customization of your own C&C server. However, even after several users in European countries were arrested, malware author Sanjeevi claimed that Droidjack is “very useful for users who use it legally”. He stated that “Droidjack is a parental tool for remote Android administration. It is strictly meant for that and no other reasons”. Anyone who breaks these rules, adds Sanjeevi, will have their license revoked.
