AV-TEST Stopped in its Tracks: Stalkerware for Spying Under Android

Disclaimer

  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
More and more dubious apps offer their services for spying and stalking, in order to secretly surveil unwitting persons, acquaintances or (ex-)partners. With a good security app for Android, it's also possible to unmask these deceitful attackers.

The market for Android apps with which devices can be secretly monitored, tracked and spied on, is steadily growing. There is brisk demand for so-called spying stalker apps, as they can be used to monitor Android devices such as smartphones or tablets. The devious part: once installed, the monitoring software hides on the device or sometimes disguises itself as a harmless service or game app. The capabilities of these apps on the device are vast, as they often operate in admin mode, thus having the highest permissions on a given device. Those who are uncertain and feel monitored can help themselves. A good security app detects the monitoring app for spying or stalking. The lab at AV-TEST examined what these security apps are capable of.

Unmasked in the lab: stalkerware for spying

A total of 18 security apps for Android demonstrated in the lab how well they can detect spying stalkerware. Included in the test were the apps from AhnLab, Antiy, Avast, AVG, Avira, Bitdefender, ESET, F-Secure, G DATA, Google, Ikarus, Kaspersky, LINE, McAfee, NortonLifeLock, Protected.Net, securiON and Trend Micro.

In the test, the candidates had to detect stalkerware 29 times. Most of the apps did a good job at it. All 29 or 28 intrusive apps were revealed by the security apps from Antiy, Bitdefender, Trend Micro, as well as ESET and Kaspersky. Following close behind with a 93.1% detection rate were F-Secure and G Data.

The remaining field detected 89.7 to 58.6 percent of the stalkerware and spy apps. Android's internal Google Play Protect security app only reports 31 percent of these tools, which are actually forbidden.

FYI: The security tools also often detect the stalkerware under other categories, such as PUAs (potentially unwanted applications), riskware, malware or simply infection.
Click to expand...
www.av-test.org

Stopped in its Tracks: Stalkerware for Spying Under Android

More and more dubious apps offer their services for spying and stalking, in order to secretly surveil unwitting persons, acquaintances or (ex-)partners. With a good security app for Android, it's also possible to unmask these deceitful attackers.
www.av-test.org www.av-test.org
 
  • Like
  • +Reputation
Reactions: cryogent, CyberPanther, roger_m and 10 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
From the same source: Technical tips on examining an Android device for stalkerware
Anyone somewhat well versed in the technical features their smartphone can run their own check to see whether spyware may be lurking on their device.

The commands tend to vary among devices, but most of them are quite similar. Many smartphones also offer a search function in the settings menu that will lead to the proper setting.

Enabled: System / Developer (options)
  • Observation: Developer options are surprisingly available as a submenu item or have been activated.
  • Consequence: Makes it possible to remotely control the device and install apps on the device.
Enabled: Apps or Security / Install unknown apps
  • Observation: On an app (e.g. Chrome Browser), Install unknown apps or Allow from this source is enabled.
  • Consequence: Allows the installation of apps from unofficial sources or download from a website.
Security / Device admin apps
  • Observation: Unknown apps have admin rights.
  • Consequence: Apps with admin rights can only be removed if the rights have been revoked. This prevents removal of an app via the Android Package Manager, as it has a higher permission level.
Input assistance / Service apps
  • Observation: Unknown apps are entered as a service.
  • Consequence: Allows the reading out and interaction with the Android interface, as well as from running apps.
Google or Security / Play Store or Play Protect
  • Observation: Play Protect has been disabled.
  • Consequence: Scans and warnings through Play Protect are prevented
Connection or Mobile Network / Data usage
  • Observation: An unknown app is generating lots of network traffic.
  • Consequence: A contractual data volume is quickly used up and the battery of the smartphone is depleted more quickly.
In an installed security app
  • Observation: The installed mobile security app reveals deactivated scan options, "ignored" objects or apps defined as "safe".
  • Consequence: "Ignored" objects or apps defined as "safe" are normally excluded from scans and no further warning is displayed for them.
Click to expand...
 
  • Like
  • Applause
  • +Reputation
Reactions: cryogent, CyberPanther, roger_m and 7 others

Similar threads

vtqhtr413
    • +Reputation
    • Applause
NY attorney general forces spyware vendor to alert victims
Replies
0
Views
441
News Archive
vtqhtr413
vtqhtr413
G
Advice Request Need help interpreting Firewall AI logs
Replies
3
Views
624
General Security Discussions
JoelS
J
MuzzMelbourne
    • Like
Miscreants leak texts and info siphoned by Android stalkerware app LetMeSpy
Replies
1
Views
1,512
News Archive
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top