Phone spying apps are usually offered on hacking forums and third party app markets, but given their malicious potential, it’s unusual to see them being offered for sale on official online marketplaces.
Nevertheless, it does occasionally happen – as the recent discovery by Trend Micro researchers shows.
A beta version of an app that can record the contents of received and sent messages and send it to a remote FTP server is currently being offered on Google Play, and has been downloaded by an estimated 500 – 1000 users since March 11:
“As the app is still in its beta testing, spying on a mobile device using this tool poses certain challenges,” the researchers point out.
“First, it should be installed onto the target device without the victim knowing about it. Second, potential attackers would need to setup their own FTP servers, which may be difficult for those with less advanced IT knowledge. However, the developers behind this tool are likely to release an updated version that may include features and improvements to make it easier to use.”
It’s unlikely that users would install such an app on their own device by mistake, so the best way of preventing those that may have such plans to do so is to activate and user the lock function on the device.