There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method.
There’s no need to even resort to Tor Browser or other darknet activity either – all you need to do is type something like “android spy app” into Google. They are called ‘commercial’ because anyone can buy an app like this for just a few dollars.
According to Kaspersky Lab‘s telemetry, the popularity of these apps has been growing in recent years. Almost all commercial spyware apps are installed by manually accessing the target’s phone, and this is the only big difference between these apps and classic malicious spyware like DroidJack or Adwind. Customers have to download the app, install it and enter credentials that are received after purchasing. After that, the spying app becomes invisible on the phone. Installation usually only takes a couple of minutes.
Some of these tools use device admin features to gain persistence and self-protection on the target’s phone. Features may vary, but some of them are present in almost all these kinds of apps:
  • Stealing SMSs
  • Stealing calls (logs/recordings)
  • GPS tracking
  • Stealing browser data (history/bookmarks)
  • Stealing stored photos/videos
  • Stealing address books (with emails and even photos sometimes)
The ‘Stealing social media/IM data’ feature is particularly important. It means that the spyware is able to attack other social media or messenger apps (depending on the specific product), for example, Facebook, Viber, Skype, WhatsApp, etc. As a result, an attacker can observe messenger conversations, feeds and other personal data from the victim’s social media profile. These products use the same techniques as standard malicious spyware to steal data, and sometimes on a bigger scale.

Many users of spyware apps who want to monitor the private lives of their relatives simply don’t understand that they may not be the only ones who will have access to such information. To sum up, installing such apps, even on your child’s device, is a risky step that could lead to malware infection, data leaks or other unpleasant consequences. In our products we use a special technology for Android OS that helps detect dangerous apps capable of violating a customer’s data privacy. There is one simple and very important tip for everyone – always protect your phone with a password, PIN or fingerprint, so an attacker won’t be able to manually access your device.