Cybersecurity expert Alex Liu sits at a conference table at the University of California, San Diego, sending a text message from one smartphone to another running the Mobile Tracker Free app. The text is sent and received and appears on the web portal in Liu’s laptop.
Such software can be used as spyware. These common phone apps allow you to view other person’s text messages, emails, phone calls, and photos. San Diego County Deputy District Attorney Ramona McCarthy said she’s seen a lot of spyware cases. Some stalking victims who had no idea how closely they were being watched.
“They have gone out of their way to eliminate their online public persona. And yet they still find out that their former partner or current partner … can still follow them, know who … they are dating, their new job, and they just wonder why, ”said McCarthy.
McCarthy added that people helping victims of stalking or domestic violence often discover spyware by asking victims to find apps on their phone that they don’t remember downloading. She said that sometimes the district attorney would issue a warrant for a suspect’s phone and find spyware that way.
Liu said that if you can get temporary physical access to a person’s phone and unlock it, it’s easy to install spyware. Liu was the lead author of an article titled “No Privacy Among Spies.”
His research showed how these applications work and how insecure they are. He said that many use unencrypted communication channels that are easy to hack over Wi-Fi.
“If the app itself is hacked, the problem becomes much more serious… (personal information) can become public. Right? I’m pretty sure you don’t want everything on your phone to go public,” Liu said.
There are many apps that can track another person’s smartphone, such as Life360 and Find My Friends. An application becomes spyware when it is injected without the knowledge of the target.
While apps are often used for harassment, Liu says that’s not how companies market an app that includes instructions that assume both parties know what’s going on.
“Usually (the company) says you need the consent of the other person. You press a button that says, “Yes, I understand that by using this application, I will obtain the consent of the other party.” But this is not actually enforced,” Liu said.
Liu’s study involved computer science professor Thomas Ristenpart of Cornell University. In a recent lecture at the University of California, San Diego, he said that he contacted the help desk of some of these app companies and asked them if their spouse tracking app was right. He received a response from nine of them.
“To their credit, one tool said, ‘No, that’s not what this tool is for… It’s probably illegal what you’re suggesting, so don’t do it,'” Ristenpart said. “The other eight out of nine (companies) responded with something along the lines of, ‘Yes. Our tool is great for this. Here’s how you set it up to track your husband.”
Liu says apps are easiest to install on Android phones, where there are fewer restrictions on where you can get your apps. Deputy District Attorney McCarthy says if a former partner finds out the password to your iCloud account, he could hijack your phone and install spyware.