Sophos Cloud Optix
We all know by now that the US’s National Stalker Agency – oh, excuse me, I meant to say National Security Agency (NSA) – eavesdrops on just about everybody on the planet.
Evidently, the UK is no better.
But surveillance by your own mother?
Nothing is sacred.
At any rate, that’s the takeaway you get after an eyeful of the mSpy application.
mSpy is a mobile surveillance application that runs on smartphones and tablets including iPhone, Android, BlackBerry, Symbian, iPad and Galaxy Tab devices.
Its marketing promises that users who install it on their phones can “remotely spy on text messages, call logs, and emails; track location, record surroundings, and more on smartphones and tablets.”
Not only that, it stealthily keeps tabs on calendar information; records conversations; determines GPS coordinates of the phone and shows the location of the target device on a convenient map.
Is that legal, you say?
Hahahahahahahahahahahaha! What an adorable question.
But yes.
Yes, it is legal, as long as the “target” is a child or an employee and the surveillance operator has informed the “target”.
From the company’s disclaimer:
My Spy (mSpy) is designed for monitoring your children, employees or others on a smartphone or mobile device that you own or have proper consent to monitor. You are required to notify users of the device that they are being monitored.
Its maker claims that the app is 100% undetectable by the device user, as a sale rep told The Next Web:
After complete installation the application runs in a stealth mode, so it is undetectable and completely invisible for the target phone’s user.
Physical access is required to install mSpy – which takes about 20 minutes – but not after that.
Your mom, your dad, your boss, or any random, creepy friend or stalker who got his or her hands on your mobile phone can remotely tweak the application’s settings at any time with a convenient control panel on any internet-enabled device.
If you find a shiny new gadget under the Christmas tree in December, you may well ponder whether your benefactor has slipped you an mSpy.
Here’s what the company says about determining whether somebody’s installed mSpy on your gadget:
It's impossible.
Unlike other software of this kind, mSpy manages without SMS commands that appear in the message folder of the target mobile device to make the application work. The size of the activity data that gets uploaded to the server never exceeds 100kb and doesn't get noticed by the owner of the target phone when their phone bills arrive. Moreover, the mSpy application boasts a battle-tested history of insignificant battery power consumption so that the target device works as usual. Thus, it is virtually impossible for the owner of the target phone to detect the mSpy software as it can be controlled online without conspicuous connection between the server and the target phone.
Are there legitimate reasons to conduct surveillance on people?
Of course. Data leakage from corporations is one such.
Employers who choose to do so should heed the company’s advice on the matter, though:
Using the mSpy cell phone tracking software for spying on employees suspected of company theft, fraud or lying is absolutely legal. Companies also have a legal right to monitor phones used in the course of conducting company business to ensure the devices are not being misused. Companies are obliged to notify employees on what type of cell phone usage is deemed acceptable. Please note that by informing staff before installing mSpy on their phones, and by having them accept this as part of using the company-owned devices you will ensure that the company will not run into any legal problems.
When it comes to monitoring employees, the buck doesn’t stop here with mSpy – it stops with the employer.
Like mSpy advises, employers should make sure they inform employees regarding what’s considered to be appropriate mobile device use for their role. Informing staff that they’re being monitored is also a prudent thing to do.
But what about monitoring children? Parents, do you already? If not, would you? If yes, then do your kids know they’re being monitored?
I wouldn’t do that to anybody, and the NSA doesn’t share with the likes of me, so you’re just going to have to tell us your thoughts in the comments section below.
Image of spy courtesy of Shutterstock.
“It’s impossible” to detect? Challenge accepted.
lol
i assume your a beginner hacker looking into the attacking side of it.
Why would someone want to take the time to do this to someone? Why would they if you aren’t doing anything to them?
I’m not snooping on anyone. Would someone be snooping on me?
If you are “required to notify users of the device that they are being monitored”, then why should it be “undetectable by the device user”? If the user knows they’re being monitored, then there’s no point in hiding it from them.
It’s almost as if they’re suggesting you can monitor people *without* their knowledge or consent, and only added the “please tell them” line to appease their lawyers.
I believe that the correct legal terminology for the recommendation that targets be notified prior to software installation is “let’s cover our ass.”
I believe that to be true
OK I’m late to the party here, but their is a use case for both legal monitoring and it being “undetectable” so long as it’s “undetectable” so it irremovable.
However my guess is the company is trying to cater to… shall we say two markets…
The point is that your supposed to tell them that you’re going to be monitoring them, you just don’t have to tell them when.
Or even how.
This unfortunately creates a way for people to dishonestly invade the privacy of people even without let them know. Sadly deceptive and very dishonest practices and invasion of privacy of people’s lives is encouraged by these provisions. Doesn’t make it okay. If churches use this on their people is deceptive practice and the user should look themselves in the mirror and ask themselves how they’d feel to have their very privacy invaded so secretly….. horrifying when you think about it actually and a disrespect to people…
For spousal use, creates a lack of safety and trust issue….
Those options create atmospheres that are Ill natured practices of control when you realize the outcome and use of the invasion of privacy.
Its mentioned from a legal company standpoint to cover their own end. Of course a parent or a partner is gonna possibly put the app on their child or lovers pbone and not tell them. And honestly thank God there is things like this to help people find out stuff they need to know.
Okay, you asked what I think of this, so here it is: BLECH. I hope not only Sophos but every other such system recognizes this atrocity as malware.
I doubt the legality of using this app in the UK to spy on another person. If the activity takes place in the UK, a person would be entitled to claim a breach of Article 4 of the Human Rights Act 1998, the right to respect for private and family life. Employers and others should be very wary of breaching the law in this respect.
I do not live in the UK but would the law apply if the employer owns the device being monitored and has an acceptable use policy in place?
Really, you have to notify your child that you are running the app on their phone that you pay for?
if its your phone – you have to notify yourself – if they want to borrow ‘your’ phone, they accept its liabilities.
Right! – I gotta say, I agree with the implied statement – my kids – my right to know. Don’t think so? If I’m letting them use my car, I’m liable for their irresponsibility. I bought the phone for them, I put it on before I give it to them. Period.
And if someone is on welfare you should be able to look into their private bank accounts and monitor/ control every penny they spend too? Would that then extend to the government, who is keeping track of the economy, monitoring how YOU spend/ save every penny in order to protect the (now struggling) economy (you’re a citizen in their country benefiting from their governing/ services, even just by living there so they may claim the right to do this eventually. They fix the roads, for instance which is a public tax paid service)? Just because you spend money on something doesn’t mean you can violate the rights of the person who received the money/ item/ service… There are huge privacy concerns here. you cannot violate other people’s basic rights under any circumstances… The minute people make excuses to violate one persons, it extends and expand to eventually include everyone. Those rights are there for a reason, and are being eroded on a massive scale now, all over the world. It is getting dangerous and ridiculous and I refuse to put up with it on my end.
I absolutely agree! People love to get on the band wagon about those receiving some kind of social security and are happy to see various human rights given away in exchange for getting that assistance. In reality however, everyone is making use of the tax-paid system – roading, education, etc. and indeed, in the process rights ARE given away. What education people’s kids are receiving, the content of the ‘messages’ they’re receiving – we Big Daddy government is paying, so Big Daddy says what gets taught. All sorts of compromises to basic human rights and freedoms are going on in the name of ‘protection’ and ‘for the greater good’. Bah! Wake up people, do you want to have your life run for you?
I totally agree, if my child is under 18 it is my business what they’re doing. Especially if I suspect they’re being dishonest or have been dishonest in the past. As a parent and for the safety of my child I definitely have the right to know whatever I want to know about my child. If they’re over 18 and don’t live at home I will give them their privacy. Bc we all have to have privacy. But do any of us have total privacy with anything. No not in this day and age and the insidious technology that’s terrorizing our world. But in some circumstances it can help or even save a life.
A couple of things…
1. I could not find anywhere on the mSpy website where it said that physical access to the phone was required (I might have missed it) but did find in the FAQs the implication that the ‘spyer’ could download it from their computer to someone’s phone. This isn’t good!
2. It’s a subscription service where all the data goes thru the mSpy servers. The subscription is a bit pricy at $40/month/phone for a basic home service. This would probably leave folks who want to play in the dust.
3. One of the ‘testimonials’ was from a woman who spied on her fiancé and found he was cheating on her. Do you suppose he gave her permission to install this on his phone? Bet not!
Regardless – thanks for the article, it’s interesting. I’ll be sharing.
Name one government spy agency that does not collect data of any type on it’s citizens.
I personally think it is fine to put this program on your child’s cell phone, as long as you let him/her know that it is monitored. Most kids won’t care as long as they have a cool phone + cool app(s) of the moment.
I don’t think they even have to be told especially if they’ve given reason not to be trusted but sware up and down that they haven’t been dishonest anymore but then learned they have but still insist theyve changed!! Spy away if ya ask me!!
I am an iOS software developer. I am very skeptical of mSpy’s claims of an app that can run, undetected, on a user’s iPhone and monitor their use of the device. Apple has built iOS so third party apps run in a “sandbox”, and don’t have access to the activities of other apps. They also don’t have the kernel-level access that would be required to monitor system activity. The only way I can think of that this would be possible is on jailbroken devices, and you can’t hide the fact that a device is jailbroken. Jailbreaking requires the knowledge and active cooperation of someone with the device’s password, and changes the way the device operates in very obvious ways.
Rooting an Android device without the user’s knowledge might be possible. I’m less knowledgeable about that platform.
According to the article on The Next Web:
“Thankfully, the app requires physical access for installation. The iOS version requires that the client device is jailbroken, and it isn’t currently compatible with iOS 7 and recent versions of iOS 6 (6.1.3 and 6.1.4).”
Thanks for your input. I would be interested to hear how this app might be detected by a layman who doesn’t have iOS development chops. Then again, I’d also be interested in hearing how it would be detected by somebody who *does* have iOS development skills. Might you expand on your comment?
1) If it’s an app, then how does it get installed on an iPhone without jailbreaking. 2) Within 48 hours of this article there will be an easy to use detection app, procedure or test that will be created by someone who despises this sort of thing. Wish it were me, but I don’t have the skill.
Who would like to install such a thing? Who knows it may be already installed and part of the OS 🙂 on our devices that ‘s why is not detectable By the way something that can monitor all your activity on the net is called ?
I think that using it as parental control is actually justified. Do you know any other phonesspy software? mSpy is a bit expensive I think.
It installs via a malicious link that is accessed via a web browser on the targeted device.
Their “compatibility” page states that the target iOS device must be jailbroken. It also doesn’t currently work on iOS 6.1.4, 6.1.5 or 7.
Just found this article, so a late-for-you-but-not-for-me comment:
I am really a bit confused about the statements trying to justify using such an app as employer or parent.
At the end, IT security tries to make privacy possible. But if already some Sophos readers tend to give up privacy for the sake of questionably justified control, then where is the rest of world heading to?
What for would an employer need total transparency about what an employee ever used his/her smartphone? If you don’t want loose confidential data, than better protect them at the source. Putting all this information onto mySpy’s server is probably the first step towards total leakage.
Why on earth do you need to “spy on text messages, call logs, and emails; track location, record surroundings, …” for executing parental control? Would you want your parents do that to you?
Your adult now? Do human rights depend on age?
BTW: I do not believe the stealthy claim. Nevertheless, it is interesting how this obviously malicious may-be-property is good for marketing, just by sounding quite jamesbondish.
Human rights I agree to – Life, Liberty, and the Pursuit of Happines. Several civil rights do have an age factor.
I do not allow my child to smoke or drink, nor is she legally allowed to vote, drive, serve in the military, or sign contracts at the age of 12. As for rights on the device, it is understood in our family that the devices belong to us parents, and are not part of personal property.
Her privacy is based on trust and understanding of where the limits are – in advance. When she is of an age to pay for and maintain her own phone (likely 16-18), it will her device and not mine. As for if she chooses to remain on my phone during such time, yes she will be reminded again of the apps one the device and the lack of familial privacy on the account.
This is a communication device, not her personal diary.
Thank you for being a voice of reason! I am surprised at how many parents nowadays think children are mature, responsible, and wise enough to navigate the world with no supervision. It explains a lot about the state it is in now.
The mature responsible thing to do is to not give them a smartphone until they are mature and sensible enough to use one. Be that 12, 14, 16 or 18. Spying on their every move is as damaging as letting them do whatever they like. There needs to be a balance of trust and boundaries. Show your children no respect or trust and they won’t show you any back.
Installed it, never worked and they refuse to refund.
how do you remove it if you have it
How do u remove a spy app for android if it was downloaded without your permission. My phone was recently stolen last week’ came back magically and my sim card was gone and email was synchronized i noticed a red light on my android device that comes on and off as it pleases regardless of how full my battery is or if i have a notification..i have reset my phone but have great concern someone has downloaded a spy app that is hidden from my normal applications..how would i know and dismantle it’ if i didn’t give permission to a employeer and im over 18
If it’s your own phone you could trying doing a full reinstall of the firmware (which will wipe all your data), assuming your carrier has firmware images for download.
If it’s your employer’s phone, you’ll need to let IT know that your phone was stolen and that you suspect the crook hacked the phone at the same time.
If I am in the United States and my bf is in the uk can he see my phone calls through the mobile spy app
How would you uninstall this if you feel someone has done this to stalk you?
Yes, my 11 year old daughter and I think her phone has this my spy wear installed on it, to control her and to keep tabs on me( his ex)!
If someone knows how we can fool this app or help it be incorrect to the spy( dad). Please let us know! It’s a twisted way to try to control others .
Trust is earned, being fearful is just plain scary and creepy.
Laura, I would assume if you erase the phone (bring it back to the original state) then every app, including this one will be erased. Just to make sure, I would change the password on the google account as well that way it could not be installed remotely.
Well, the worse possible abuse of this app has happened to my daughter who recently broke off her engagement to a police officer no less. Between breaking off the engagement and moving to Seattle he installed this app and has been tracking/stalking her every move. This app can and will be abused in endless ways by people who lack scruples, even people who have taken an oath to protect us.
I have a question if you do a factory reset would it be removed then?
I think it’s boss’s obligation to inform the employees of their being monitored. When I was told that my working phone is installed with iKeymonitor, I expressed my understanding even if I feel a little bit uncomfortable! If I found the fact by myself I’ll be very angry and I think I can prosecute my boss!
Great, install something like this on your phone. If a thief steals your phone, wait a while. Collect info on him, and exploit their bank accounts anonymously on the internet, or buy bitcoins with their money. Sounds like a great idea to me. I’m installing something similar today (not this though, this app is lame)
What’s the app you use?
I discovered in February of this year that who I thought was a family friend had actually been victimizing me for two years. Not only did he con money out of me, which took from the needs of my children and me, but he actually told me that a ‘friend’ of his had installed a camera on my phone and was watching everything I did around my home. He listened in on private phone calls, and viewed private texts of myself and others. This is CRIMINAL behavior and he will be prosecuted for it.
Perhaps is it detectable by noticing no internet connection during your phone conversation and then once internet is accessible your call is dropped?
Have just been tracked / monitored for a significant period of time by my now former partner using a zoemob application as well as recording devices around the home we shared
The app gave my partner information that i may not with Her to know and she would often use this in a negative or controlling way
The psychological impact on myself was substancial leading to psyco therapy and a breakdown as it lead to arguments that were irrealvent
and at times unecessary
The Apps are in fact a very dangerous tol especially in the wrong hand something gauranteed to deastate a relationship
The police in general unaware of the laws that the apps violate and the effects on the target person the accumlative effects of long term privacy invasions are devastating
Should be banded and the preprtrator prosacuted
The app is was able t
How do you seure a prosacution if you are unaware that the app is installed and monitoring your every moved and conversations i recently found an app on my hand set but the reaction from the police was that my partner was paranoid and thought i was a serial bed hopper with such reaction how can the victim of a faceless crime seek justice
the information my partner gained from the app gave her power and the knowledge to control and abuse every privat text was read and even the langauge used would be questioned
the apps arclosely linked with domestic abuse and give abusers the ultimate power
has anyone else had a experience of being abused in this way
So what happens to the person spying if the target is not informed?
is this a joke story
the only way for to spy is someone put it on your phone behind your back…
what if someone is looking at you at all times and harassing you have a app on your apartment , in your car and at work even when you go shopping and is talking to you all day and all night and it’s only where you can hear it. what can be done because if they are looking in your apartment how can you change password and they have a mic so they are close by your place because I can hear them talking
Every time I’m using messenger when a certain person calls me there’s an online dot that appears by the camera and my camera looks like it’s activating could he be spying on me? And if yes how do I get it off my phone?