Over the last month, I’ve written two lengthy whitepapers discussing malware affecting Android devices.  The first whitepaper looks at some spyware applications that are avialable for Android that have not yet been published to the Android Market.  In that paper we discussed Mobile Spy and MobiStealth, as well as the bank phishing app from Droid09 that actually made it’s way into the Market for a short period of time before the community reacted and had it taken down.

The second whitepaper has yet to be published, but as a sneak peak, we take an in depth look at Android spyware that is currently in the Android Market and being marketed as tools to facilitate “legal” spying, as well as “illegal” spying.  The handful of applications from various developers that we found used different methods to hide themselves from detection, which is the determining factor when SMobile categorizes an application with monitoring capabilities as spyware.

Call it job security or bad luck, but almost as soon as I was done with these papers we found that FlexiSpy published their first version of spyware for Android.  As you may or may not remember, FlexiSpy is widely considered to be the leader in spyware for smartphones.  To date, they offer versions of their software for Symbian, Windows Mobile, BlackBerry, iPhone and now Android.  Various versions of FlexiSpy offer different levels of spying capabilities at different cost to the consumer.

Though there are now a multitude of imitators attempting to compete with FlexiSpy’s capabilities, it is undeniable that FlexiSpy did the lion’s share of the initial work in developing the capabilities necessary to make these types of applications a reality.  Traditionally, FlexiSpy offers the ability for an attacker to:

• Read the victim’s call records
• Determine device’s GPS location
• Read SMS and Email messages
• Listen in on actual phone calls as they are in progress
• Notify the attacker when the SIM has been changed
• Can activate the device’s microphone (spy call) in order to listen to ambient room conversation
• Remote configuration of the spyware via undetectable SMS messages
• Central management of acquired logs via web portal

Fortunately for unsuspecting victims, the version of FlexiSpy that was just released for Android devices only allows an attacker to read the victim’s call records, read SMS messages, and determine GPS location.  Well, I guess that’s still enough to be considered spying.  However, as a means to further ingratiate themselves with those that would want to illegally spy on someone’s activities, FlexiSpy is being generous enough to offer the Android version of their app for free for personal use.  If you would like to use FlexiSpy for “professional use”, you’ll have to check back later to see if they have published their professional version.

As we’ve already seen FlexiSpy do, they’ll likely begin to ask their customers to consider SMobile’s anti-virus/anti-spyware software to be considered malware.  According to FlexiSpy, who are we to “interfere with legitimate, legal and accountable software”? I mean, who appointed us judge, jury and executioner anyway?

As long as service providers, enterprises, and consumers turn to SMobile to protect the privacy of their personal information and communications, we’ll continue to identify, categorize and “interfere” with applications that attempt to illegally monitor the activities of unsuspecting users.  Besides, if you have our software and it tells you that FlexiSpy is installed and asks you if you would like to remove it, if you already know it’s on there…what’s the problem? Right?