Malware is not only being developed and used by script kiddies or organized ransomware gangs, it's not just intelligence that turns smartphones into bugs. This is shown by commercial malware providers such as Hoverwatch. They superficially offer apps for monitoring children, so that worried parents know if the kids have arrived well at school. Employers also get a chance to monitor their employees. Often, however, such malware is likely to be used by jealous partners to monitor a smartphone - and in most cases its use is likely to be illegal.
We have tested lots of Smartphone spying programms and the App that we liked most is Hoverwatch from https://www.hoverwatch.de/en.html , one of the best-known applications in the segment, for one month on an editorial mobile phone. We looked at whether the promised features work, but above all, how spies can spot the malware on their devices.
What can Hoverwatch do?
Hoverwatch allows numerous messengers to be monitored. Explicitly named in the list of Hoverwatch is Whatsapp, the Facebook Messenger, Line, Skype and iMessage. Telegram and Tinder are also listed, although Tinder does not use continuous HTTPS encryption anyway and is thus vulnerable to other attacks. Explicitly not in the list is the popular messenger app Signal. This prevents screen shots on the function Flag_Secure on a non-booted smartphone that Hoverwatch apparently can not handle.
Hoverwatch also provides access to numerous system logs, such as the call directory. Also contacts and recorded images can be read out via a web interface, as well as the approximate location and the list of installed apps.
Monitoring someone with Hoverwatch is not expensive - a one-month package costs only 24,95 EUR, and longer subscriptions are cheaper. For example, the whole year is priced at 99,95 EUR. It is clear that in almost all cases, the use of the software is illegal. In our review, everyone who was in contact with the device knew about the spyware.
The various malware functions are accessed via a Hoverwatch Web interface. The website has a simple layout and responds with little delay to user input. In the side menu all basically available spying targets are mentioned.
Data is read out via a web interface
The read-out data can also be viewed via a dedicated smartphone app for the supervisor. This is - apparently only temporarily - usable without further costs. Hoverwatch advertises that the conversation content, unlike other monitoring programs of the competition, in the original design of the corresponding apps would be displayed.
Depending on the Internet connection of the smartphone, access to various pictures and messages actually succeeds. We can also determine the approximate location of the smartphone, even an earlier location stored in the system can be viewed.
Conclusion: unethical software, but very powerfull
Our attempt with Hoverwatch shows that the malware can deliver most of the promised features quite well - such as the monitoring of numerous messenger services and the site.
Check protection mechanisms on the mobile phone
Anyone who has a suspicion of being monitored and uses an Android phone should first check if all the protections in Playstore are enabled. This is in the menu item "Play Protect" in the Google Play app with a few simple steps. In addition, the device should always be secured with a PIN code with more than four characters and should not be overlooked.
Depending on the finesse of the installing person, there may be further hints, such as APK files in the SD card folder of an Android device. These can have different names depending on the version. Since most users do not load APK files themselves on a smartphone anyway, this is another serious hint.