mSpy app lets someone remotely snoop on you through your phone or tablet

Filed Under: Data loss, Featured, Mobile, Privacy

mSpyWe all know by now that the US's National Stalker Agency - oh, excuse me, I meant to say National Security Agency (NSA) - eavesdrops on just about everybody on the planet.

Evidently, the UK is no better.

But surveillance by your own mother?

Nothing is sacred.

At any rate, that's the takeaway you get after an eyeful of the mSpy application.

mSpy is a mobile surveillance application that runs on smartphones and tablets including iPhone, Android, BlackBerry, Symbian, iPad and Galaxy Tab devices.

Its marketing promises that users who install it on their phones can "remotely spy on text messages, call logs, and emails; track location, record surroundings, and more on smartphones and tablets."

Not only that, it stealthily keeps tabs on calendar information; records conversations; determines GPS coordinates of the phone and shows the location of the target device on a convenient map.

Is that legal, you say?

Hahahahahahahahahahahaha! What an adorable question.

But yes.

Yes, it is legal, as long as the "target" is a child or an employee and the surveillance operator has informed the "target".

From the company's disclaimer:

My Spy (mSpy) is designed for monitoring your children, employees or others on a smartphone or mobile device that you own or have proper consent to monitor. You are required to notify users of the device that they are being monitored.

Its maker claims that the app is 100% undetectable by the device user, as a sale rep told The Next Web:

After complete installation the application runs in a stealth mode, so it is undetectable and completely invisible for the target phone’s user.

Physical access is required to install mSpy - which takes about 20 minutes - but not after that.

Spy. Image courtesy of Shutterstock.Your mom, your dad, your boss, or any random, creepy friend or stalker who got his or her hands on your mobile phone can remotely tweak the application's settings at any time with a convenient control panel on any internet-enabled device.

If you find a shiny new gadget under the Christmas tree in December, you may well ponder whether your benefactor has slipped you an mSpy.

Here's what the company says about determining whether somebody's installed mSpy on your gadget:

It's impossible.

Unlike other software of this kind, mSpy manages without SMS commands that appear in the message folder of the target mobile device to make the application work. The size of the activity data that gets uploaded to the server never exceeds 100kb and doesn't get noticed by the owner of the target phone when their phone bills arrive. Moreover, the mSpy application boasts a battle-tested history of insignificant battery power consumption so that the target device works as usual. Thus, it is virtually impossible for the owner of the target phone to detect the mSpy software as it can be controlled online without conspicuous connection between the server and the target phone.

Are there legitimate reasons to conduct surveillance on people?

Of course. Data leakage from corporations is one such.

Employers who choose to do so should heed the company's advice on the matter, though:

Using the mSpy cell phone tracking software for spying on employees suspected of company theft, fraud or lying is absolutely legal. Companies also have a legal right to monitor phones used in the course of conducting company business to ensure the devices are not being misused. Companies are obliged to notify employees on what type of cell phone usage is deemed acceptable. Please note that by informing staff before installing mSpy on their phones, and by having them accept this as part of using the company-owned devices you will ensure that the company will not run into any legal problems.

When it comes to monitoring employees, the buck doesn't stop here with mSpy - it stops with the employer.

Like mSpy advises, employers should make sure they inform employees regarding what's considered to be appropriate mobile device use for their role. Informing staff that they're being monitored is also a prudent thing to do.

But what about monitoring children? Parents, do you already? If not, would you? If yes, then do your kids know they're being monitored?

I wouldn't do that to anybody, and the NSA doesn't share with the likes of me, so you're just going to have to tell us your thoughts in the comments section below.

Image of spy courtesy of Shutterstock.

, , , ,

You might like

26 Responses to mSpy app lets someone remotely snoop on you through your phone or tablet

  1. Sean · 136 days ago

    "It's impossible" to detect? Challenge accepted.

  2. RichardD · 136 days ago

    If you are "required to notify users of the device that they are being monitored", then why should it be "undetectable by the device user"? If the user knows they're being monitored, then there's no point in hiding it from them.

    It's almost as if they're suggesting you can monitor people *without* their knowledge or consent, and only added the "please tell them" line to appease their lawyers.

    • Lisa Vaas · 135 days ago

      I believe that the correct legal terminology for the recommendation that targets be notified prior to software installation is "let's cover our ass."

    • OK I'm late to the party here, but their is a use case for both legal monitoring and it being "undetectable" so long as it's "undetectable" so it irremovable.

      However my guess is the company is trying to cater to... shall we say two markets...

  3. Ralph Haygood · 136 days ago

    Okay, you asked what I think of this, so here it is: BLECH. I hope not only Sophos but every other such system recognizes this atrocity as malware.

  4. Caroline Jones · 136 days ago

    I doubt the legality of using this app in the UK to spy on another person. If the activity takes place in the UK, a person would be entitled to claim a breach of Article 4 of the Human Rights Act 1998, the right to respect for private and family life. Employers and others should be very wary of breaching the law in this respect.

    • NoSpin1600 · 136 days ago

      I do not live in the UK but would the law apply if the employer owns the device being monitored and has an acceptable use policy in place?

  5. NoSpin1600 · 136 days ago

    Really, you have to notify your child that you are running the app on their phone that you pay for?

    • Anonymous · 136 days ago

      if its your phone - you have to notify yourself - if they want to borrow 'your' phone, they accept its liabilities.

    • Carmine Garnaggio · 121 days ago

      Right! - I gotta say, I agree with the implied statement - my kids - my right to know. Don't think so? If I'm letting them use my car, I'm liable for their irresponsibility. I bought the phone for them, I put it on before I give it to them. Period.

  6. Art · 136 days ago

    A couple of things...
    1. I could not find anywhere on the mSpy website where it said that physical access to the phone was required (I might have missed it) but did find in the FAQs the implication that the 'spyer' could download it from their computer to someone's phone. This isn't good!
    2. It's a subscription service where all the data goes thru the mSpy servers. The subscription is a bit pricy at $40/month/phone for a basic home service. This would probably leave folks who want to play in the dust.
    3. One of the 'testimonials' was from a woman who spied on her fiancé and found he was cheating on her. Do you suppose he gave her permission to install this on his phone? Bet not!
    Regardless - thanks for the article, it's interesting. I'll be sharing.

  7. Title · 136 days ago

    Name one government spy agency that does not collect data of any type on it's citizens.

    I personally think it is fine to put this program on your child's cell phone, as long as you let him/her know that it is monitored. Most kids won't care as long as they have a cool phone + cool app(s) of the moment.

  8. Anonymous · 136 days ago

    I am an iOS software developer. I am very skeptical of mSpy's claims of an app that can run, undetected, on a user's iPhone and monitor their use of the device. Apple has built iOS so third party apps run in a "sandbox", and don't have access to the activities of other apps. They also don't have the kernel-level access that would be required to monitor system activity. The only way I can think of that this would be possible is on jailbroken devices, and you can't hide the fact that a device is jailbroken. Jailbreaking requires the knowledge and active cooperation of someone with the device's password, and changes the way the device operates in very obvious ways.

    Rooting an Android device without the user's knowledge might be possible. I'm less knowledgeable about that platform.

    • ngyikp · 135 days ago

      According to the article on The Next Web:

      "Thankfully, the app requires physical access for installation. The iOS version requires that the client device is jailbroken, and it isn’t currently compatible with iOS 7 and recent versions of iOS 6 (6.1.3 and 6.1.4)."

    • Lisa Vaas · 135 days ago

      Thanks for your input. I would be interested to hear how this app might be detected by a layman who doesn't have iOS development chops. Then again, I'd also be interested in hearing how it would be detected by somebody who *does* have iOS development skills. Might you expand on your comment?

  9. Will · 136 days ago

    1) If it's an app, then how does it get installed on an iPhone without jailbreaking. 2) Within 48 hours of this article there will be an easy to use detection app, procedure or test that will be created by someone who despises this sort of thing. Wish it were me, but I don't have the skill.

  10. Jose · 135 days ago

    Who would like to install such a thing? Who knows it may be already installed and part of the OS :-) on our devices that 's why is not detectable By the way something that can monitor all your activity on the net is called ?

  11. Tom · 135 days ago

    I think that using it as parental control is actually justified. Do you know any other phonesspy software? mSpy is a bit expensive I think.

  12. WSG · 135 days ago

    It installs via a malicious link that is accessed via a web browser on the targeted device.

    Their "compatibility" page states that the target iOS device must be jailbroken. It also doesn't currently work on iOS 6.1.4, 6.1.5 or 7.

  13. Clemens · 100 days ago

    Just found this article, so a late-for-you-but-not-for-me comment:

    I am really a bit confused about the statements trying to justify using such an app as employer or parent.
    At the end, IT security tries to make privacy possible. But if already some Sophos readers tend to give up privacy for the sake of questionably justified control, then where is the rest of world heading to?

    What for would an employer need total transparency about what an employee ever used his/her smartphone? If you don't want loose confidential data, than better protect them at the source. Putting all this information onto mySpy's server is probably the first step towards total leakage.

    Why on earth do you need to "spy on text messages, call logs, and emails; track location, record surroundings, ..." for executing parental control? Would you want your parents do that to you?
    Your adult now? Do human rights depend on age?

    BTW: I do not believe the stealthy claim. Nevertheless, it is interesting how this obviously malicious may-be-property is good for marketing, just by sounding quite jamesbondish.

    • Human rights I agree to - Life, Liberty, and the Pursuit of Happines. Several civil rights do have an age factor.
      I do not allow my child to smoke or drink, nor is she legally allowed to vote, drive, serve in the military, or sign contracts at the age of 12. As for rights on the device, it is understood in our family that the devices belong to us parents, and are not part of personal property.
      Her privacy is based on trust and understanding of where the limits are - in advance. When she is of an age to pay for and maintain her own phone (likely 16-18), it will her device and not mine. As for if she chooses to remain on my phone during such time, yes she will be reminded again of the apps one the device and the lack of familial privacy on the account.
      This is a communication device, not her personal diary.

  14. Angeline · 62 days ago

    Installed it, never worked and they refuse to refund.

  15. ff · 43 days ago

    how do you remove it if you have it

  16. Annie · 22 days ago

    If I am in the United States and my bf is in the uk can he see my phone calls through the mobile spy app

  17. Anonymous · 9 days ago

    How would you uninstall this if you feel someone has done this to stalk you?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.