Malware is not only developed and used by script kiddies or organized ransomware gangs, and it is not only intelligence agencies that turn smartphones into bugs. This is shown by commercial malware providers such as Flexispy. On the surface, they offer apps for monitoring children, so that worried parents know whether the kids have arrived safely at school. Employers are also given the option of monitoring their employees. Often, however, such malware is likely to be used by jealous partners to monitor a smartphone - and in most cases its use is likely to be illegal.
We have tested lots of smartphone spying programs. The app that we liked most is Flexispy, one of the best-known applications in the segment, which we ran for one month on an editorial mobile phone. We looked at whether the promised features work, but above all at how people being spied on can spot the malware on their devices.
What can Flexispy do?
For our test we limit ourselves to the basic version of the spyware. This allows numerous messengers to be monitored. Flexispy's list explicitly names WhatsApp, Facebook Messenger, Line, Skype and iMessage. Telegram and Tinder are also listed, although Tinder does not use continuous HTTPS encryption anyway and is thus vulnerable to other attacks. Explicitly not in the list is the popular messenger app Signal. It uses the FLAG_SECURE function to prevent screenshots on a non-rooted smartphone, which Flexispy apparently cannot handle.
The basic version also provides access to numerous system logs, such as the call log. Contacts and captured images can also be read out via a web interface, as can the approximate location and the list of installed apps. For this version of the malware, it is not necessary to root the smartphone or jailbreak iOS devices.
Monitoring someone with Flexispy is not cheap - a one-month package costs $69, and longer subscriptions are cheaper. For example, the whole year is priced at $149. It is clear that in almost all cases, the use of the software is illegal. In our review, everyone who was in contact with the device knew about the spyware.
We have not tried the more expensive Extreme version of the software. This is offered as a subscription starting at three months for 199 euros. It is supposed to make it possible to eavesdrop on or record phone calls and to turn the smartphone into a bug. For this it is also necessary to root the device or to install a jailbreak. Basically, Flexispy is compatible with almost all Android devices (versions 4.0.3 to 7.1.1); iOS is supported only up to version 9.1. Flexispy offers a newsletter on its website. There, of course, potentially affected people can also inform themselves about the state of software development.
Flexispy is user friendly
Flexispy is very easy to use. If you look around the website for a little longer, you will be contacted in the chat by an English-speaking support staff member. If you ask there whether the software can be used to monitor a partner in secret, the frank answer is "naturally". Flexispy also offers the option of having the malware installed on the target smartphone by a company technician.
If you want to book the installation service, you have to pay around 30 US dollars in addition to the package price. It is explained in advance that physical access to the target smartphone is necessary. The device to be monitored therefore not only has to be in the hands of the buyer of the spyware, but must also be unlocked and ready for use. The handling and the service on the site are professional at first. The contact is fast and friendly, the information accurate. This will change during our experiment, however.
We have a smartphone trojan installed
We decide to have the malware installed on an Honor 6X smartphone using the installation service. Because we know in advance that we need to share a computer via TeamViewer for the installation, we use a dedicated malware test computer that is not connected to the editorial network. We start the process by giving our order number and some other information about the hardware to an employee in the chat room.
It quickly becomes clear that this process is not going to be highly technical. All we have to do is connect the smartphone to the computer, enable developer mode on the device and allow ADB requests. In between, there are always long waiting times - apparently the technician is busy with several installations at the same time. After a few more nasty comments, the support staff starts the ADB request, which we immediately confirm. This is followed by the actual installation, which only takes a few moments.
Without technical support the installation would have been faster
Ultimately, the infection process takes about 20 minutes, including a lengthy activation procedure. If we had downloaded the malware ourselves from the site, the installation would have been faster, without the waiting times and errors.
Even during the installation it is striking that the creators of Flexispy promise many functions, but their malware does not appear to be disguised very well: before the installation, we are asked to switch off the "Google Play Protect" function in the Play Store completely. Despite their sometimes lurid advertising, the Flexispy makers do not seem to have the techniques to inject malware deep into the system, as is the case with the Trojan Skygofree, for example.
With Play Protect, Google regularly checks the integrity of the system and of the apps installed on the smartphone. The mechanism therefore also protects against the malware that regularly turns up in the Play Store.
However, once we have hidden it after the installation is complete, Flexispy does indeed no longer show up in the list of installed apps or in the Task Manager.
The various malware functions are accessed via a Flexispy web interface. The website has a simple layout and responds with little delay to user input. The side menu lists all spying targets that are available in principle, even though we use only the small version of the Trojan; the extended functions are simply not accessible. However, the interface is just one way to read the data.
Data is read out via a web interface
The read-out data can also be viewed via a dedicated smartphone app for the person doing the monitoring. This is - apparently only temporarily - usable without further costs. Flexispy advertises that, unlike the competition's monitoring programs, it displays conversation content in the original design of the corresponding apps.
Depending on the Internet connection of the smartphone, access to various pictures and messages actually succeeds. We can also determine the approximate location of the smartphone, and even an earlier location stored in the system can be viewed.
Find Flexispy and secure the smartphone
Luckily, there is a pretty easy way to track down the program. For this we did not use any of the sometimes questionable mobile virus scanner apps from security companies, but Android's on-board tools. After reactivating the Play Protect service that was disabled during installation, the device can be checked for unwanted software with one click. After a few seconds, Google finds a bug in the Android system files and cleans up the problem after another click.
Users without prior knowledge will not learn in this way that it was specifically Flexispy that was found - this would require a more detailed forensic analysis. But it is clear that monitoring software was discovered on the device.
Although this does not guarantee a complete uninstall, a connection to the web application no longer succeeds after the removal. Those who track down the malware in this way should not uninstall it immediately, but hand over the smartphone to the authorities as evidence.
This is because monitoring a smartphone without the user's knowledge is an interference with information technology systems and thus a criminal offense. In addition, it intrudes on the private lives of the smartphone's actual users and their contacts. Anyone spying on a smartphone can be convicted - up to two years imprisonment. If this happens in an employment relationship, further offenses could be added.
Apart from the Play Store check, there may be additional traces of the app, especially if the person installing it forgot to delete the APK file from the download folder of the smartphone afterwards. The name can change with new versions, so a detailed statement cannot be made here.
Protect your smartphone from infection
Of course, the best protection is to secure your smartphone from the start with a strong PIN code. In addition, all security updates should be installed promptly, and the security settings should be checked regularly to see whether they are correct. For most users, this means turning on Play Protect and disabling the installation of apps from other sources. In addition, developer mode should be disabled again after use.
Often, retrieving a GPS location or transferring larger amounts of data could also affect battery life, indicating an infection. However, in our test we cannot find any drastic effects of Flexispy on the battery life. That said, we do not use the software to permanently retrieve information from the smartphone.
Conclusion: unethical software, but easy to remove
Our test of Flexispy shows that the malware can deliver most of the promised features quite well - such as the monitoring of numerous messenger services and of the location. However, at least with the current version, it is relatively easy to track down the software on an Android smartphone.
Check protection mechanisms on the mobile phone
Anyone who suspects they are being monitored and uses an Android phone should first check whether all the protections in the Play Store are enabled. This can be done under the menu item "Play Protect" in the Google Play app in a few simple steps. In addition, the device should always be secured with a PIN code with more than four characters and should not be left unattended.
Depending on the finesse of the installing person, there may be further hints, such as APK files in the SD card folder of an Android device. These can have different names depending on the version. Since most users do not load APK files onto a smartphone themselves anyway, this is another serious hint.
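The checks described above and in the section on protecting the smartphone can be scripted. The following is an added example, not part of the original article: it assumes the Android settings keys named in its comments (they apply to the Android 4 to 7 range the article covers, and treating package_verifier_user_consent as the Play Protect switch is an assumption), and it runs on constructed sample input.

```shell
#!/bin/sh
# Added example: flag the warning signs this article describes.
# Input format (an assumption of this sketch): "key=value" lines, collected
# on a real device over USB with for example:
#   for k in adb_enabled development_settings_enabled package_verifier_user_consent; do
#     echo "$k=$(adb shell settings get global $k)"; done
#   echo "install_non_market_apps=$(adb shell settings get secure install_non_market_apps)"
#   adb shell ls /sdcard/Download      # file listing for list_leftover_apks

# Reads key=value lines on stdin, prints one FINDING line per weak setting.
audit_settings() {
    tr -d '\r' | while IFS='=' read -r key value; do   # old adb output ends in CRLF
        case "$key=$value" in
            package_verifier_user_consent=1) ;;        # Play Protect scanning on
            package_verifier_user_consent=*)           # -1, null or anything else
                echo "FINDING: Play Protect scanning is not enabled" ;;
            install_non_market_apps=1)
                echo "FINDING: installing apps from unknown sources is allowed" ;;
            development_settings_enabled=1)
                echo "FINDING: developer mode is still enabled" ;;
            adb_enabled=1)
                echo "FINDING: USB debugging (ADB) is still enabled" ;;
        esac
    done
}

# Reads a directory listing on stdin (one name per line), reports APK files.
list_leftover_apks() {
    tr -d '\r' | grep -i '\.apk$' | sed 's/^/FINDING: APK file left on storage: /'
}

# Constructed sample input, not captured from a real device; the APK name is invented.
SAMPLE_SETTINGS='package_verifier_user_consent=-1
install_non_market_apps=1
development_settings_enabled=1
adb_enabled=0'
SAMPLE_LISTING='IMG_0001.jpg
invoice.pdf
update_service.apk'

printf '%s\n' "$SAMPLE_SETTINGS" | audit_settings
printf '%s\n' "$SAMPLE_LISTING" | list_leftover_apks
```

A finding here is a reason to look closer, not proof of spyware: developer mode or a stray APK can have legitimate causes.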