“These apps are brutal,” Ondrej Krehel told me during a conversation about spyware, or “spouseware” as the software is sometimes called.
“It doesn’t matter what ‘intended use’ these app developers claim in their sales pitches. They are increasingly being used by teens to spy on their love interests,” Krehel said. “It’s quite prevalent.”
Krehel is CEO and founder of LIFARS, a digital forensics and cybersecurity intelligence firm. He sees spyware as a concern for consumers.
“The malware that is used to spy on terrorists and other criminals is not too different from the spyware currently marketed to consumers — although it has fewer features,” Krehel said.
What ‘Spouseware’ Can Do
FlexiSpy, mSpy and Mobile Spy are some of the names in the consumer spyware app business. The applications make it possible to monitor virtually every communication made on a targeted smartphone or computer.
The various spyware, or spouseware, apps available on the market can let users see absolutely everything that happens on a device. It’s like a surveillance camera pointed at the user’s screen.
Here’s an at-a-glance list of what kind of information would-be spies can see:
- All social media
- Encrypted messaging apps like WhatsApp
- Dating Apps
- Text messages
- Real-time GPS location
At $29.99 a month, pretty much anyone can be a spy. MSpy alone has more than a million users.
The stories of stalkers, jilted lovers and overzealous admirers are legion. In 2014, NPR reported that 85% of 72 domestic violence shelters they surveyed said they were working with victims whose abusers tracked them with GPS. Seventy-five percent said they had worked with victims whose abusers used hidden mobile apps to eavesdrop on them remotely.
While there is sadly no shortage of stories out there, most are told under the cloak of aliases. Although largely anecdotal, Krehel told me the misuse of spyware among teens was without doubt a growing problem.
“I would say 30% of the spyware users out there are young guys spying on their girlfriends,” he said.
The end user agreements are clear. These apps are to be used for legal purposes only. The marketing is not pointed at monitoring fidelity, but rather what a child is getting up to or as an enterprise tool for managing employees.
The app developers make it clear that any monitoring made possible with spyware should be done with the consent and knowledge of the party whose device is being tracked.
MSpy’s user agreement says: “User acknowledges that the Software shall be used for the purpose of monitoring, tracking and obtaining access to certain devices as cell phone and computer (including, but not limited to, email and text messages) of children and employees and other device owners with their consent hereto, including through the use of devices, on which the Software is installed.”
It is illegal to spy on someone without their consent. The problem here is that while it’s illegal, the penalties are not very serious. Krehel stated that while a person might get 30-day jail sentence or pay a fine, the damage inflicted is sometimes life-changing with victims and the people in touch with them suddenly finding themselves in divorce proceedings, losing jobs or even committing suicide.
What to Do
As with all things security-related, it is good practice to assume that the unimaginable — or in this case the prevalent — can happen to you, too. It’s also wise to take the necessary measures to prevent it.
- While it is possible to install spyware remotely on some Apple products, most often physical possession of a device is required. Never surrender your device to anyone, or leave it unattended.
- Don’t assume your passwords are unknown to those closest to you. (Check out these tips for better internet safety.)
- Never share your cloud credentials, since this makes it possible to install some types of spyware.
- Protect your passwords and change them often. Or use biometric authentication.
- Don’t assume that just because you don’t see a spyware app on your device that it isn’t there. Check for installed apps and software (this may require programs that review apps and software), and become acquainted with the software and apps out there.
- If you suspect you’ve got spyware on a device, save what needs to be saved on an external drive and wipe the device, restoring the factory default settings. But bear in mind that there are some snooping techniques (the NSA place their exploits directly on a chip in the device hardware) where a factory reset won’t help you.
- To further guard against fraud and identity theft, monitor your credit for any suspicious changes. You can get a free credit report snapshot on Credit.com.
It’s rough out there for people concerned about their privacy, but being alert goes a long way.
Adam Levin is chairman and founder of CyberScout and co-founder of Credit.com, where this article originally appeared.