Android apps - smartphone
Commercial spying apps for Android are spiking in popularity - but could be used for nefarious purposes Lisa Fotios/Pexels

Commercial spying apps for Android devices are being openly advertised on Google and – upon installation – can be used to snoop on text messages, calls and Facebook chats.

While they are advertised as a way for parents to keep track of their children, or businesses to watch employees, experts warn they could be used for more nefarious – potentially illegal – purposes. According to security firm Kaspersky Lab, the popularity of such services is spiking.

Now, there is often no need for the dark web or sophisticated hacking attacks – surveillance software can be quickly discovered with a simple Google search and purchased online for well under £100.

One company, FlexiSpy, was even advertising 20% off its services for 2017's Black Friday.

"Installing such apps, even on your child's device, is a risky step that could lead to malware infection, data leaks or other unpleasant consequences," warned Kaspersky Lab researcher Alexey Firsh.

The Android apps all have similar capabilities, letting users monitor texts, calls, GPS locations, internet browsing data, photos, videos, contracts and social media use – including Facebook and WhatsApp.

Experts say they are only slightly different from spyware used by hackers and cybercriminals.

"There's certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools," Firsh wrote in a blog post Thursday. "In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method."

Unlike hacking tools, commercial spyware is installed manually on the target's phone.

Customers will typically download an app and enter credentials they are sent after purchasing. After installation, the app will be "invisible" on a target's device. The process takes just minutes.

This week (23 November), The Daily Beast reported a number of such apps to Google, which maintains Android, amid concerns they could be used to spy on partners and spouses.

"#1 Wife Android Spy—limited time 50% off," one ad read before being removed. Despite being advertised as a way for parents to monitor children, Motherboard previously released documents showing FlexiSpy made use of SEO terms including: "how to catch a cheating spouse."

Hackers vs Spies

But for Kaspersky Lab, there were major concerns about how such firms store information taken from a target's smartphone. In some cases, this sensitive data was far from secure, it said.

Firsh wrote: "I analysed one commercial spyware app, investigating the vendor's main site and command and control (C&C) server. I soon found lots of files that had been uploaded to the server and that turned out to be users' personal data collected by the app.

"Private files were stored on the server without any protection and could be accessed by anyone."

Furthermore, to install commercial spyware an Android device has to enable the "Allow install of non-market applications" functionality – leaving it wide open to further malware infections.

"Many users of spyware apps who want to monitor the private lives of their relatives simply don't understand that they may not be the only ones who will have access to such information," Firsh said.

Smartphone
Android apps are being advertised as ways to spy on husbands and wives Deyvi Romero/Pixels

"There is one simple and very important tip for everyone – always protect your phone with a password, PIN or fingerprint, so an attacker won't be able to manually access your device."

The law in such cases remains murky. In the UK, police have said in the past that prosecutions could be sought if the behaviour of a suspect could be defined as "cyber-stalking".

In December 2014, The Independent reported that "41% of domestic violence victims" had been "tracked or harassed using electronic devices", citing a study by Women's Aid.

And while Google is starting to take action against these tracking and snooping services – which some people in the US have been prosecuted for using – many search results still remain.

A simple keyword search tested by IBTimes UK instantly discovered one "Spouse spy app" which claimed to entice customers with the promise of: "Invisible mode. Easy install."

"Free Cell Phone Spy App - See Texts Calls Photos & More‎," a separate advert promised.

FlexiSpy Black Friday sale
A screenshot showing FlexiSpy offering 20% off its monitoring software Screenshot/FlexiSpy