They’re the sort of capabilities you might ordinarily prescribe to a cybercrime group or law-enforcement agency: intercepting text messages, remotely eavesdropping on phone calls, or sweeping up emails and social-media messages en masse.
But dozens of firms around the world sell powerful mobile-phone spyware to the everyday consumer, and in many cases with the explicit purpose of enabling surveillance on husbands, wives, and lovers.
And though the U.S. Justice Department has convicted people who use this technology as well as those who sell it, Google, through its ad services, has kept on running advertisements for many of the companies that offer it, The Daily Beast has found. After being informed of the issue, Google removed thousands of offending ads, but the news still highlights how Silicon Valley companies are sometimes unwitting accomplices to the sale of illegal technology, and how those same companies often let dubious clients slip through the cracks.
With these pieces of malware, an attacker—be that a jealous or suspicious lover or stalker, for example—will need physical access to the target’s mobile phone. Typically, they’ll visit a webpage that hosts the malware and download a specially crafted app, which can keep itself hidden from the user, and that will then collect whatever data from the phone the attacker wants and send it to them in an email or store it in an online account to access later. Software is available for both Android and iPhone devices, but for the latter the phone needs to be jailbroken, which allows the installation of unauthorized apps. With Android phones, the attacker may need to turn off a security setting for similar reasons.