Governments are Using Secret Spyware. Can You Spot and Stop Hidden Spy Apps?

On 2nd October, 2018, a Saudi journalist, Washington Post columnist and dissident, Jamal Kashoggi was abducted from the Saudi consulate in Istanbul, Turkey by a team of 15 Saudi government agents, strangled and his body dismembered and disposed of.

The murder of Jamal Kashoggi shook the world naturally, for its gruesomeness, but it also serves as a cautionary tale of how governments can use phone spy apps on pretty much anyone’s mobile device and where this can lead.

Spy Apps for Android Phones are More Available Than You’d Think

If you think that cell phone spy apps are something that only secret agents use, you’d be very wrong. In fact, there are over 60 mobile spy apps available for Android devices on the Google Play Store as of 2022.

These Android spy apps can be used by, for instance, parents or employers to monitor what their kids or employees are doing on their devices and who they’re texting or calling.

Some of the mobile spy apps include:

  1. Spyic;
  2. uMobix;
  3. Cocospy;
  4. XNSPY;
  5. iKeyMonitor.

We’re not going to go into the specific features that each of these have, but most commonly, a phone spy app would include features like:

All of these hidden spy apps, however, have one big “problem” for the one who is doing the monitoring – they require physical access to access and target android phones

Is it Ever Okay to Install a Spy App on Someone’s Android Phone?

If you’re a parent, you might have some success telling your kid to hand over their Android device, but with kids being so attached to their devices and chat apps and social media apps on them in particular, good luck separating them long enough to install a spy phone app on their smartphones.

While we can somewhat justify a monitoring app on your kid’s mobile phone as parents are understandably worried about who their kids are talking to, we can’t say the same for using hidden spy phone apps to record phone calls of your employees for instance.

With your employer, for instance, you might be surprised that the law in a lot of countries, the US included, allows the employer to track your business-related phone calls and text messages on a phone that they provided you.

This also goes for your emails, by the way.

Pegasus Secret Spyware Was Used to Spy on Human Rights Activists, Journalists, Business Executives and Others by Governments

Let’s go back to the example of Jamal Kashoggi. What makes it so relevant to our story about hidden spy apps is that an investigation by The Washington Post found that his phone is likely spied on using military-grade spyware software called Pegasus.

Pegasus was developed by an Israeli firm NSO Group, which is licensed by governments around the world to track criminals and terrorists.

However, it is also used to hack smartphones belonging to journalists (like Khashoggi), human rights activists, whistleblowers, business executives and others.

In fact, although Pegasus wasn’t found on Kashoggi’s device, it was used to hack the mobile phones of two women close to him, his wife Hanan Elatr and fiancee Hatice Cengiz.

An Amnesty International investigation found that their numbers were on a list of 50,000 other numbers concentrated in countries known as NSO Group’s clients.

The list, which dates back to 2016, includes reporters from all over the world, including CNN, the New York Times, the Associated Press, Al Jazeera, Bloomberg News, Le Monde, Financial Times and more news organizations.

In addition, the investigation by the Amnesty’s Security Lab was able to identify over 1,000 people from 50 countries, including 600 politicians, 180 journalists, 85 human rights activists, 65 business execs and so on.

After examining 67 smartphones that were suspected of being infected, the researchers confirmed that at least 23 were successfully infected, while hackers attempted to penetrate 14 others and the results were inconclusive for the remaining 30 devices.

Responding to the investigation the NSO Group disputed the list as having anything to do with either NSO or Pegasus.

NSO Chief Executive Officer Shalev Hulio said:

The company cares about journalists and activists and civil society in general. We understand that in some circumstances our customers might misuse the system and, in some cases like we reported in NSO’s Transparency and Responsibility Report, we have shut down systems for customers who have misused the system.

NSO’s clients include 60 intelligence, law enforcement and military agencies in 40 different countries, but the company keeps their names hidden for confidentiality reasons.

In November, 2021, Apple sued NSO Group for using surveillance software on its devices. This was also around the same time they notified the director of the Human Rights Watch (HRW) Beirut office Lama Fakih that her iPhone is compromised by Pegasus spyware.

Fakih said:

Apple notified me that I was the subject of a state-sponsored attack on my iPhone on 23rd November and again on 24th November, 2021. I received an iMessage to my Lebanese phone number and an email notification from Apple warning me that they believed I was being targeted by state-sponsored attackers, who, they said, were likely targeting me because of who I am or what I do. I immediately contacted Human Rights Watch’s information security directory and we began the process of confirming that the attack had occurred.

Conclusion

As you can see spy apps for Android and iOS devices aren’t all that unusual and you can find a parental control app on both Google and Apple stores.

However, there is a much more dangerous type of cell phone monitoring software like Pegasus that can be used to target cell phones of anyone by government agencies, including human rights activists, journalists, business executives and others.

This makes hidden spy apps extremely dangerous not only for one’s privacy, but also their well-being and, coupled with the surveillance equipment all around us is something worth fighting against.