How to defeat Mobile Spy Software

We do not tolerate the illegal or unethical use of our remote smartphone monitoring software products like CellSpy, Guardian, MzanziSpy and others, and neither should you. If you believe that someone other than your employer or a parent may want to monitor your movements or communications then you can prevent them from doing so by following these simple suggestions

Not all devices are able to be monitored using software like CellSpy. In most cases this is due to device hardware or operating system limitations. Devices that are not classified as smartphones, e.g. the Nokia Asha models, fall into this catagory and simply do not possess the required minimum capabilities to support advanced software. If you use such a device then you are immune to spy software and will likely remain ‘unbuggable’ for the foreseeable future. Apart from these, there are a number of smartphones that are technically capable of supporting spy software, but cannot currently be monitored because no compatible product exists. Windows Phone® devices fall into this category, so if you’re using a Blackberry Z or Q model, or a Nokia Lumia device, then you’re safe for now. Just be aware that this could change at any time. Basically, unless your device falls within the phone types listed below then the only way to monitor you would be by intercepting your cell phone signals. This can only be done using equipment that is not available to the public, and exclusively for law enforcement and government intelligence services use (such as our GSM, UMTS, 3G and 4G/LTE interception and monitoring products).

Devices most at risk

  • Any Android™ device
  • Any Apple® device
  • Any Windows Mobile® device (not Windows Phone)
  • The following Blackberry® devices:
    • All Bold, Curve, Touch, Torch, Storm, and Pearl models
    • Any Blackberry model running on Blackberry OS4 to OS7
  • The following Nokia® devices:
    • Any Nokia model running on any version of Symbian S60
    • Any Nokia model running on any version of Symbian^3
    • Any Nokia model running on Symbian OS8 or OS9

There is no quick-fix app that you can install to make you safe. The obvious solution would be to use a device that is incapable of having spy software installed, but this isn’t always an option.

Having antivirus and antispyware apps installed on your device is highly recommended, but for different kinds of threats. They will not prevent spy software from being installed or from monitoring your device unless that specific version of spyware has been compromised and its details added to the antivirus database. What will ultimately keep you safe is you. Only you will truly know your circumstances and what you’ve been up to, and only you will know whether a spouse, partner, relative, business associate or anyone else might have a reason for wanting to monitor you and the resources necessary to carry it out. With that knowledge you can take the following steps to ensure that they do not violate your constitutional and common-law rights to privacy and that your personal information and communications are not being accessed without your permission.

Clean your device to remove any currently installed spy software

It does you no good to follow the remaining precautions if spy software has already been installed on your device. You need to start with a clean device – one that you know for certain has no spy software installed or running. The problem is that detecting spy software requires skills and knowledge that very few people possess. After all, if antivirus and antispyware software cannot identify the presence of spyware then it is unlikely that someone without considerable knowledge of the device’s architecture, mobile application development platforms and spyware in general would know what to look for or where to look. A number of companies, Intertel included, offer services to identify spyware on a device but it isn’t really necessary to do. Just assume that the device has spyware installed and clean it anyway. Cleaning a device seems simple enough, right? Just reset your device to factory defaults and you’re done? No, i’m afraid not. Maybe a few years ago, but not nowadays. Spyware products are continuously becoming smarter and more persistent and most products have built-in safeguards to prevent their removal, especially in such an obvious way. After a device reset, you will have removed installed apps and stored data such as phonebook contacts, call logs, messages, chats, photos and videos, but spyware could still be intact and functioning – except now you believe it is gone and this might lead you to be less careful with what you say or do. Without knowing whether or not spyware is installed or which specific spyware is installed, cleaning the device will required at least the following:
  1. Placing the device in airplane mode, turning off all connectivity, including mobile data, cellular and WiFi connections.
  2. Deleting the device’s entire memory and storage space, both internal and external, by undertaking a hard-reset or security wipe.
  3. Replacing the device’s current firmware with an official copy of the original firmware that has been digitally signed by the manufacturer.
The last step is vital because a device reset will either not touch the firmware or, if it does, it will simply reload an identical copy of the same firmware that is currently on device – that firmware might be compromised. Just understand one thing: this it is not something that you should undertake unless you know exactly what you are doing. Any mistake here could render your device unusable – permanently. It may be wiser to take your device to a cellphone technician and have it done professionally (or purchase a debugging product such as our dummy-proof DIY debugging solution – which you can use (as often as you like and without paying a professional each time) to remove any and all spyware from your device).

Enable the device’s access control features

This is very important. Nearly all spy software available on the market require someone to physically take your device, and either download or transfer the spyware onto it. Yes, remote installation is possible and there are other methods available that don’t require direct physical access, but these are covered by the other steps below. Making it impossible for a person to use your device will prevent most spyware from ever being installed. As with anything, if you’re not going to do it properly then there’s no use in doing it at all. For starters:

Set up a device password, passcode or pattern lock

This is your first line of defence so make sure it is strong. If you’re setting up a password, please follow these guidelines:
  1. Don’t choose weak passwords, use a combination of at least 8 characters including uppercase and lowercase letters, numbers and symbols
  2. Don’t use predictable passwords like your girlfriend’s name, date of birth or the word ‘password’.
  3. Don’t use the same passwords for multiple accounts. Cracking one account would give someone potential access to all.
  4. Don’t enter your password in plain view of others and beware of leaving tell-tale signs (like fingerprints or smudges on the screen that can be used to deduce a pattern lock code or password character pool)
  5. Change your password regularly

Enable the device’s automatic lock feature

A password or pattern lock is useful until you type in your password or zig-zag the screen to get access. At that time there is nothing preventing unauthorized access. If you happened to leave your device unattended then someone could possibly install spyware or snoop through your device’s data. Most smartphones and tablets will have an auto-lock or secure screensaver that can be enabled. It will basically lock your device after a preset amount of time has elapsed or after the device has been unused for a certain period. Although you should endeavour not to leave your phone lying around at all, this will at least limit the window of opportunity for someone seeking access to your device to install spyware.

Limit access to the device itself

Even with a password and all the security measures under the sun, you could still be vulnerable if you allow others to handle or use your device. If you need to let someone use your device then make sure that you are able to see exactly what is being done with it. It makes no difference whether they use their own SIM card with your device either. As a general rule, you should avoid letting other people:
  1. Use your device to send text, multimedia or instant messages. Messages could be used to trigger the deployment of spyware.
  2. Use your device to browse websites – even ones that appear to be harmless, like social media sites. Websites can be made to look like any other so pay attention to the URL. Deployment of spyware through websites is popular because it is convenient and not obvious. Visiting a Facebook lookalike website and clicking on a button wouldn’t raise much suspicion – even if you had your eyes on the screen – but that act could have triggered the downloading of spyware onto your device.
  3. Remove your SIM card or external memory cards. Nobody else has any business touching your SIM card or SD card. Although this type of spyware cannot be installed on a SIM card, it is possible to program SIM cards to facilitate the deployment of spyware. You think you’re accessing your airtime balance with a USSD command like *100# but something else could be happening at the same time. Spyware can also be deployed via SD card and activated quickly at some other point in time or left there for you to activate out of curiousity (would you open ‘naked.pic’ if you found it on your phone?)
  4. Pair with your device using Bluetooth or Near Field Communications. These methods can be used effectively to deploy spyware directly to your device. You might think that you’re getting a video of last week’s game, and you probably will, but make sure you know what else you’re getting.

Do not download apps, visit websites or click links that are suggested to you

For someone who does not have direct physical access to your device, getting you to unknowingly download and install the spyware for them is not such a bad idea. Obviously they can’t tell you that you’d be installing spyware, but they wouldn’t really need to. All they’d need to do is get you to download anything – a new chat app, game, media player, security app, or anything you might be inclined to want. Spyware apps can be customized to resemble and even function like other software applications or genuine applications can have malicious code injected into them to facilitate the installation of spyware. The internet is ideal for this sort of activity. Even if you’re naturally suspicious of new apps, would you really suspect an app you were downloading from Samsung, for example? Perhaps a device update? Depending on motivation and budget it would be relatively easy to acquire a domain that is strikingly similar or that contains the word Samsung. A web page could be created in no time that resembles Samsung’s other sites and that has content from (and links to) other Samsung resources so that if you examined it more closely it would appear to be a genuine part of Samsung’s online ecosystem. Depending on your level of security awareness it might take no more than an email or SMS from your service provider to prompt you to visit that website, click on update my device and download/install the spyware. Remember that both SMS and email communications can be spoofed. In other words, the sender’s information can be altered so that a communication can appear to come from anyone else. Don’t trust a communication just because it came from Vodacom, for example. If its asking you to click a link, visit a web page or download something then rather contact Vodacom (or whoever) directly and verify that the communication is genuine and that it is safe to proceed. You should exercise caution whenever:
  1. A person suggests that you visit a website or download a new app – no matter how believable it is. Even if they show you the app and it looks like something you’d want, rather download it from the official source or app store.
  2. You receive an email or SMS that contains a link for you to click or asks you to download any software. Don’t measure the trustworthiness of the message based on who appears to be sending it – always keep in mind that it is easy to spoof the sender’s details to look like anyone sent it.
  3. A notification appears on your device warning of a security issue or other problem and recommends a solution in the form of an app or web service that you need to download or make use of. This could quite easily be a ruse to get you to download and install spyware or other malicious software.

Related Posts

About The Author

LiveZilla Live Chat Software