Today, I wanted to highlight some recent research from Zscaler ThreatLabZ about a Google Play app called "SMS Tracker." This research has grabbed the attention of TechWorld, which posits the question, "When a stranger installs a surveillance app we call it spyware. Does the same apply if it's a spouse?"
SMS Tracker is a Google Play app with between 10,000 - 15,000 installs. The core functionality of SMS Tracker intercepts text and multi-media messages, as well as tracking Web browser and call history, and location data. This is pretty clandestine activity.
Indeed, if this application was installed through a vulnerability or an exploit, we would call it malware or spyware; however, the purported use of the application is for parents to keep track of their children. There is even a version of SMS Tracker that installs without an icon, a notification icon or a privacy policy screen.
TechWorld makes the point "a former US sheriff was handed a probationary sentence after admitting he installed a keylogger on his wife’s work PC in order to keep tables on her communications."
SMS Tracker is a troubling application. It serves as a proof-of-concept and a template for future Android spyware and more nefariously, could be installed on any Android device with physical access. SMS Tracker serves as a good reminder to keep your mobile devices locked with a passcode to prevent surreptiticious use.
