Sophos Cloud Optix
Remember mSpy?
It’s one of a family of spying apps that lets someone remotely snoop on you through your phone or tablet. That includes text messages, call logs, emails, location tracking, recording of conversations by remotely turning somebody’s phone into a bugging device, calendar information, GPS coordinates tracked on a convenient map, that kind of thing.
For the sort of people who don’t have even the most tattered shred of respect for the privacy of others, spy software can serve employers who need to keep a lid on data leakage, help parents keep a lid on their kids, and enable lovers to bust the lid on cheating spouses.
One problem: you’ve needed to get your mitts on the gadget to install mSpy.
Granted, it only takes a few minutes to install, as you can see in one of the company’s installation guides, but man-handling the target’s device has been a must for those who want to spend their hours poring over other people’s business.
Could be tricky. Could get caught with your fingers in the phone when Mr. or Ms. Presumably Cheating Slimeball got out of the shower too soon.
But now, those precarious days are gone! Spies needn’t worry about getting caught bugging somebody’s phone.
That’s because mSpy last week began offering a selection of smartphones pre-loaded with the software.
The company’s offering pre-installed mSpy software on four of the top smartphone models: Nexus 5, iPhone 5S, HTC One and Galaxy S4.
Pricing starts at $649.99, or about $200 more than a non-boobytrapped phone, and includes a year-long subscription.
Is this legal?
Yes it is, mSpy says on its website.
If, and only if, that is, you get your target’s permission to eavesdrop on them and track their every move like a bloodhound:
It is a considered federal and/or state violation of the law in most cases to install surveillance software onto a mobile phone or other device for which you do not have proper authorization, and in most cases you are required to notify users of the device that they are being monitored. Failure to do so may result in a violation of federal or state laws, if you install this software onto a device you do not own or if you do not have proper consent to monitor the user of the device.
Well, then, there you have it.
Of course nobody would install the software surreptitiously, without telling their target, nor would they wrap a gorgeous new mobile phone up for somebody’s birthday gift without writing in the card something informative, along the lines of, say, “Happy Bugday!”
All sarcasm aside, the idea of spyware preloaded on a phone is vile.
Regardless of whatever legitimate justifications there are to put spyware on a phone – parental oversight, an employer overseeing use of company-issued devices and leakage of company data – there are simply no safeguards in place to ensure that surveillance targets are being informed of eavesdropping, tracking or bugging.
Because of the lack of such safeguards, jealous lovers lacking the cojones to speak frankly to their partners about their suspicions or concerns instead choose to (illegally) disregard those people’s privacy.
Giving such jealous lovers (or abusive partners, for that matter) even easier access to surreptitious tracking, eavesdropping and bugging, in the form of a phone pre-loaded with spyware, is yet another grievous blow against privacy.
Image of eyeball phone courtesy of Shutterstock.
If everyone told their victim that he is installing spyware to their phone, then the company would not want to sell phones with pre-loaded spyware. Captain obvious is done here!
Being a native Spanish speaker I simply love the way English-speaking people use the Spanish word cojones:
noun Spanish: Sometimes Vulgar.
1. ( used with a plural verb ) testicles.
2. courage.
Let’s just say that in Spanish it is a word mostly used in spoken language, unfortunately (or fortunately) a lot, and actually not so much in written language (the “Sometimes” from the English dictionary changes to “Often” in Spanish). And this word (in Spanish) can have quite a lot of meanings, not just courage, but also surprise, nuisance, laziness, fear, perfection, fatigue… (depending on the numeral, article and/or preposition around).
I thought the word was also used in cooking, e.g. cojones de toro.
That´s just a joke, between cojones from toro and torero, and who lost in the arena… the real dish is rabo de toro (oxtail)
Potentially a missed marketing opportunity, but does the Sophos free Android app detect this? As it’s pre-installed I’m assuming that factory resetting a Nexus device wouldn’t remove this spyware, so third party apps are the only option??
(I’m not paranoid – I bought my Nexus myself direct from Google (and nobody wants to spy on my boring life anyway 😉 ))
We do detect it, though not as outright malware. We detect it as what’s known as a PUA, or “Potentially Unwanted Application of type Spyware”.
The main difference between PUAs and malware is that you can turn off PUA detection if you want and just leave the outright malware detection enabled. I don’t know why you’d want to, but the option is there just in case. (O tempora! O mores!)
If you were to reload Google’s official firmware using the “reset” scripts in the download, I’d say you *would* get rid of this app. But I am not going to buy a new device and spend an additional $200 to find out 🙂
Paul, how come you respond to comments on behalf of Lisa?
Does she not do responses?
Thanks.
Errrrrr, I was responding on behalf of Sophos Naked Security 🙂
Questioner wanted to know if we detected this particular threat. I happened to know the answer, happened to be awake due to the exigencies of timezones, and happened to reply.
I respond to lots of comments on Naked Security, both for myself and for others in the team. It’s part of my job and I enjoy doing it, so…I do.
(If the comment were clearly asking for the opinion of the original author, I wouldn’t answer on their behalf, but for technical questions with objective answers, why not?)