Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Mobile Spy Tracks Android Email, Texts, Photos

Hidden software enables employers -- or parents -- to view all messaging activity, and its contents, sent or received from any Android smartphone.

Android smartphone users will now have the ability to view every photo and video captured and every email sent or received, according to an announcement Monday by Retina-X Studios.

The software works with all Android models, including Motorola's Droid, T-Mobile's MyTouch 3G, and HTC's Droid 'Incredible.' These new features add to the capabilities the spy software already offers in call, SMS, browser and GPS logging.

Once the hidden software is installed to the phone, users can view activity logs online in real time. The software records the actual contents of every text message, logs full call details and web browser visits. Actual GPS locations linked to maps are also recorded at a rate set by the user. All logs can be reviewed from anywhere by logging into a secure web site. Even if the user tries to delete his tracks, the data will still be retained and uploaded, according to Retina-A Studios.

Any time a new photo or video is taken on the monitored Android device, it will instantly be viewable inside the online Mobile Spy account. This new feature gives parents a way to monitor whether or not teenagers are sending inappropriate pictures or videos as the actions happen. The technology can also be used to expose corporate espionage.

A parent or employer can view all email activity sent or received from the device in its entirety, providing the ability to ensure children or employees aren't communicating with individuals they deem inappropriate. The new version also records all contacts added to the Android device, along with any calendar event that are entered.

"Today's addictive smartphones can be dangerous for a teenager," said James Johns, Retina-X Studios CEO. "If your teen is addicted to their phone, they are more susceptible to the dangers of the Internet. Without proper monitoring, you might never see whether the secrets they are keeping are dangerous or not. Mobile Spy gives parents and employers the ability to know the complete truth before it's too late."

Employers will be able to enforce their own Acceptable Use and Vehicle policies on company-provided phones, according to a Retina-X Studios statement. Mobile Spy can indicate whether an employee is leaking confidential information.

Mobile Spy runs on all Android devices, including those running on the 2.x operating system. The software runs about $100 for an annual license and includes monitoring for up to three phones.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...