Insights and Research

Zscaler Research Highlights Risk of "SMS Tracker"

Zscaler Research Highlights Risk of "SMS Tracker"

Today, I wanted to highlight some recent research from Zscaler ThreatLabZ about a Google Play app called "SMS Tracker." This research has grabbed the attention of TechWorld, which posits the question, "When a stranger installs a surveillance app we call it spyware. Does the same apply if it's a spouse?"

SMS Tracker is a Google Play app with between 10,000 - 15,000 installs. The core functionality of SMS Tracker intercepts text and multi-media messages, as well as tracking Web browser and call history, and location data. This is pretty clandestine activity.

Indeed, if this application was installed through a vulnerability or an exploit, we would call it malware or spyware; however, the purported use of the application is for parents to keep track of their children. There is even a version of SMS Tracker that installs without an icon, a notification icon or a privacy policy screen.

TechWorld makes the point "a former US sheriff was handed a probationary sentence after admitting he installed a keylogger on his wife’s work PC in order to keep tables on her communications."

SMS Tracker is a troubling application. It serves as a proof-of-concept and a template for future Android spyware and more nefariously, could be installed on any Android device with physical access. SMS Tracker serves as a good reminder to keep your mobile devices locked with a passcode to prevent surreptiticious use.

Get the latest Zscaler blog updates in your inbox

Subscription confirmed. More of the latest from Zscaler, coming your way soon!

By submitting the form, you are agreeing to our privacy policy.