When
you
wind
up
with
mobile
spyware,
you
may
wind
up
with
a
stalker
on
your
phone.
In
its
most
malicious
forms,
mobile
spyware
can
steal
information
like
text
messages
and
photos,
capture
passwords
as
you
tap
them
in,
secretly
turn
on
your
microphone
or
camera
for
recording,
and
track
your
movements
using
GPS.
Figuratively
speaking,
it’s
like
going
about
your
day
with
a
stalker
peering
over
your
shoulder.
If
that
doesn’t
sound
creepy
enough,
it
can
get
worse.
More
than
just
providing
attackers
with
a
live
feed
of
your
activity,
spyware
can
record
and
archive
your
actions.
From
there,
it
can
“phone
home,”
meaning
it
sends
stolen
information
back
to
cybercriminals
so
they
can
hoard
it
for
later
use.
That
stolen
information
can
lead
to
identity
fraud
and
theft,
such
as
when
a
cybercriminal
raids
your
existing
bank
accounts,
sets
up
entirely
new
lines
of
credit
in
your
name,
or
impersonates
you
in
several
other
ways.
In
darker
scenarios,
stolen
photos,
files,
and
information
can
lead
to
blackmail
and
harassment.
Without
question,
a
case
of
mobile
spyware
can
get
serious
quite
quickly.
Yet,
it
is
highly
preventable
when
you
know
how
it
can
end
up
on
your
phone—and
the
steps
you
can
take
to
keep
that
from
happening.
How
do
phones
get
mobile
spyware?
Malicious
apps.
They
account
for
much
of
mobile
spyware
today.
Whether
they’re
downloaded
from
a
third-party
app
store
or
even
from
Google
Play
or
Apple’s
App
Store,
the
ruse
remains
the
same:
a
malicious
app
poses
as
legitimate
app.
These
apps
may
present
themselves
as
games,
wallpapers,
productivity
apps,
exercise
apps,
utility
apps,
and
even
security
apps.
Instead,
they’re
loaded
with
spyware.
Google
Play
does
its
part
to
keep
its
virtual
shelves
free
of
malware-laden
apps
with
a
thorough
submission
process
as reported
by
Google and
through
its
App
Defense
Alliance
that
shares
intelligence
across
a
network
of
partners,
of
which
we’re
a
proud
member.
Further,
users
also
have
the
option
of
running Play
Protect to
check
apps
for
safety
before
they’re
downloaded.
Apple’s
App
Store
has
its
own
rigorous
submission
process
for
submitting
apps.
Likewise,
Apple
deletes
hundreds
of
thousands
of
malicious
apps
from
its
store
each
year.
Yet,
bad
actors
find
ways
to
sneak
malware
into
the
store.
Sometimes
they
upload
an
app
that’s
initially
innocent
and
then
push
malware
to
users
as
part
of
an
update.
Other
times,
they’ll
embed
malicious
code
such
that
it
only
triggers
once
it’s
run
in
certain
countries.
They
will
also
encrypt malicious code
in
the
app
that
they
submit,
which
can
make
it
difficult
for
reviewers
to
sniff
out.
Unique
to
Android
phones,
Android
gives
people
the
option
to
download
apps
from
third-party
app
stores.
These
stores
may
or
may
not
have
a
thorough
app
submission
process
in
place.
As
a
result,
they
can
be
far
less
secure
than
Google
Play.
Moreover,
some
third-party
app
stores
are
fronts
for
organized
cybercrime
gangs,
built
specifically
to
distribute
malware,
making
third-party
download
that
much
riskier.
Other
ways
spyware
can
end
up
on
your
phone
Someone
can
install
it
directly.
In
this
case,
a
bad
actor
needs
physical
access
to
your
phone.
If
they
know
the
passcode
or
if
the
phone
is
unlocked,
they
can
tamper
with
the
phone’s
settings
and
install
the
spyware
themselves.
This
requires
access,
time,
and
effort,
yet
some
bad
actors
certainly
take
this
approach.
Surprisingly,
we’ve
also
seen
cases
where
malware
comes
pre-installed
on
phones.
A
recent
case
estimated
that
some
9
million
smartphones
had
spyware
installed
in
them
somewhere
along
the
supply
chain.
Reportedly,
the
spyware
could
steal
personal
information
from
the
phone
or
possibly
take
it
over
entirely
for
a
short
stretch
of
time.
You
can
spot
signs
of
tampering
on
an
Android
phone
by
heading
to
Settings
and
searching
for
“Install
Unknown
Apps.”
If
you
see
any
sources
that
you
didn’t
set
to
the
“On”
position
or
a
third-party
website
you
don’t
recognize,
it
indicates
that
apps
from
outside
official
app
stores
could
have
been
installed
in
the
device.
Such
apps
are
generally
riskier
than
apps
from
official
sources
like
Google
Play.
While
not
an
outright
indication
of
spyware,
you
should
set
those
to
“Off.”
On
an
iPhone,
directly
installing
spyware
takes
a
bit
more
effort.
Typically,
it
requires
“jailbreaking”
the
phone.
This
process
tampers
with
the
operating
system
and
removes
software
restrictions
so
the
iPhone
can
access
third-party
app
stores
and
download
unapproved
apps.
Both
are
highly
risky
activities
and
the
reason
why
Apple’s
iOS
enforces
such
restrictions
in
the
first
place.
Put
plainly,
“jailbreaking”
is
not
safe.
In
the
hands
of
bad
actors,
they
can
install
an
app
called
“Cydia”
on
a
jailbroken
iPhone.
Cydia
is
an
unapproved
app
store
that
offers
potentially
dangerous
modifications
and
apps.
If
you
spot
Cydia
on
your
iPhone,
it’s
certain
sign
of
tampering.
The
signs
of
mobile
spyware
Not
long
ago,
you
could
often
see
or
even
feel
if
your
smartphone
was
infected
with
spyware.
It
could
run
hot,
like
it
was
left
out
on
blanket
at
the
beach,
because
the
spyware
ate
up
computing
cycles
while
it
ran
in
the
background.
It
could
drain
batteries
or
lead
to
sluggish
performance.
That’s
not
always
the
case
anymore.
Spyware
has
become
leaner
and
more
efficient
in
recent
years,
so
cybercriminals
can
better
mask
their
attacks.
Some
signs
that
are
better
indicators
of
spyware
include:
Spikes
in
data
use.
Whether
through
your
phone’s
data
connection
or
through
a
Wi-Fi
connection,
unexpected
increases
in
usage
could
be
a
sign
that
your
phone
is
communicating
with
a
third
party.
Difficulty
logging
into
your
accounts
the
first
time.
A
phone
infected
with
spyware
may
communicate
your
activity
to
a
third
party,
rather
than
to
the
legitimate
login.
The
legitimate
site
or
service
never
receives
the
first
login
attempt,
forcing
you
to
log
in
again.
Difficulty
logging
into
your
accounts
at
all.
This
may
be
a
sign
that
a
cybercriminal
already
hacked
your
password,
logged
in
under
your
name,
and
then
changed
the
password
to
one
of
their
own.
(Note
that
this
could
also
be
a
sign
of
a
compromised
or
stolen
password
and
not
necessarily
a
sign
of
spyware.)
Other
apps
like
antivirus
and
online
protection
software
get
shut
down.
Some
types
of
spyware
can
gain
administration-level
privileges
to
your
phone
and
drop
its
defenses,
leaving
you
yet
more
vulnerable.
You
spot
signs
of
fraud
or
theft.
Above
we
mentioned
how
cybercriminals
use
spyware
to
gain
login
credentials
to
banks
and
credit
cards,
and
even
steal
personal
items
like
files
and
photos.
If
you
spot
any
unusual
activity
or
find
yourself
threatened
with
demands,
it’s
possible
that
spyware
could
be
a
possible
cause
among
others.
Seven
steps
to
protect
yourself
from
mobile
spyware
1.
Update
your
phone’s
operating
system.
Along
with
installing
security
software,
keeping
your
phone’s
operating
system
up
to
date
can
greatly
improve
your
security.
Updates
can
fix
vulnerabilities
that
hackers
rely
on
to
pull
off
their
malware-based
attacks.
It’s
another
tried
and
true
method
of
keeping
yourself
safe—and
for
keeping
your
phone
running
great
too.
2.
Avoid
third-party
app
stores.
As
mentioned
above,
Google
Play
has
measures
in
place
to
review
and
vet
apps
to
help
ensure
that
they
are
safe
and
secure.
Third-party
sites
may
very
well
not,
and
they
may
intentionally
host
malicious
apps
as
part
of
a
front.
Further,
Google
is
quick
to
remove
malicious
apps
from
their
store
once
discovered,
making
shopping
there
safer
still.
3.
Review
apps
carefully.
Check
out
the
developer—have
they
published
several
other
apps
with
many
downloads
and
good
reviews?
A
legit
app
typically
has
quite
a
few
reviews,
whereas
malicious
apps
may
have
only
a
handful
of
(phony)
five-star
reviews.
Lastly,
look
for
typos
and
poor
grammar
in
both
the
app
description
and
screenshots.
They
could
be
a
sign
that
a
hacker
slapped
the
app
together
and
quickly
deployed
it.
4.
Go
with
a
strong
recommendation.
Yet
better
than
combing
through
user
reviews
yourself
is
getting
a
recommendation
from
a
trusted
source,
like
a
well-known
publication
or
from
app
store
editors
themselves.
In
this
case,
much
of
the
vetting
work
has
been
done
for
you
by
an
established
reviewer.
A
quick
online
search
like
“best
fitness
apps”
or
“best
apps
for
travelers”
should
turn
up
articles
from
legitimate
sites
that
can
suggest
good
options
and
describe
them
in
detail
before
you
download.
5.
Keep
an
eye
on
app
permissions.
Another
way
hackers
weasel
their
way
into
your
device
is
by
getting
permissions
to
access
things
like
your
location,
contacts,
and
photos—and
they’ll
use
malicious
apps
to
do
it.
If
an
app
asks
for
way
more
than
you
bargained
for,
like
a
simple
puzzle
game
that
requests
access
to
your
camera
or
microphone,
it
might
be
a
scam.
On
Android,
recent
spyware
usually
requests
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
permission
to
execute
the
malicious
behavior
in
the
background.
If
you
see
behaviors
like
these,
delete
the
app.
6.
Tidy
up.
Remove
old,
unused,
and
underused
applications
that
could
be
future
vectors
of
attacks.
Along
this
line,
we’ve
seen
where
mobile
applications
change
ownership
(whether
they
get
sold
or
others
take
over
its
operations),
and
the
new
owners
don’t
have
the
same
standard
operating
procedures
as
the
founders.
7.
Lock
your
phone—and
keep
an
eye
on
it
too.
As
mentioned
above,
some
bad
actors
will
install
spyware
on
phones
themselves.
However,
this
requires
access,
time,
and
effort
to
pull
off.
Locking
your
phone
and
always
keeping
it
close
can
help
prevent
bad
actors
from
infecting
your
phone
this
way.
8.
Protect
your
phone.
Comprehensive
online
protection
software can
secure
your
phone
in
the
same
ways
that
it
secures
your
laptops
and
computers.
Installing
it
can
protect
your
privacy,
keep
you
safe
from
attacks
on
public
Wi-Fi,
and
automatically
block
unsafe
websites
and
links,
just
to
name
a
few
things
it
can
do.
About Author
