Android’s security woes need no introduction, but another threat that hasn’t received its fair share of awareness relates to spyware and stalkerware apps. These apps can secretly be installed on a victim’s phone to monitor their activity and can be exploited to harass victims of domestic abuse and engage in online stalking. All someone needs is physical access to the victim’s phone to install these apps, which is not too difficult in cases of domestic abuse.
A majority of these apps were also able to secretly access the camera feed and the microphone for multimedia capture, taking screenshots via a remote command and even accessing protected data. But that’s not where the horror tale ends. Since these are core services for a phone, a lot of users won’t want to engage with them out of fear that it would break the corresponding systems on their phone. But there’s more to the threat factor here. “We’ve also seen advanced cases where these apps are able to hide on the app screen or the app launcher,” Liu said.
Some of these don’t even show a preview, directly capturing the video and transmitting it secretly. One of these apps, called Spy24, uses a secret browser system to stream full-resolution camera footage. Phone call and voice recording is also a fairly common trait among these applications. While these readily available spyware apps are dangerous on their own, another aspect that raises concern is their weak security when it comes to storing stolen personal information. A healthy bunch of these apps transmitted the data over unencrypted HTTP connections, which means a bad actor can eavesdrop on the Wi-Fi network and gain access to all of it.