Readily available consumer spyware products potentially violate a range of Australian laws relating to harassment, stalking, identity theft and fraud.
Researchers from Deakin University found that spyware products available for download on most smartphones have the potential to break Australian laws, through their manufacture, advertising and use, and have urged greater support for domestic violence support services given the risk posed to personal privacy and safety.
Dr Diarmaid Harkin and Dr Adam Molnar analysed nine commonly used spyware products in the study that was funded by the Australian Communications Consumer Action Network (ACCAN).
The nine spyware products studied were: mSpy, Hoverwatch, Flexispy, TheTruthSpy, Highster Mobile, Teensafe, Mobistealth, Cerberus and Trackview.
Their research found that without clear consent from both the users of spyware and their targets, users can violate a range of Australian laws relating to individual privacy and children – and intimate partners are most at risk.
Dr Harkin said users may have legitimate reasons for needing to access their child’s or partner’s location, but the range of other functions offered by the spyware exceeded what would be regarded as proportionate or ethical monitoring in these circumstances.
“Spyware is a particularly acute threat in the context of domestic and family violence and, more troubling, is that multiple companies explicitly encourage and promote the use of spyware against intimate partners,” he said.
“Across our sample, a clear theme emerged from the promotional materials – that the main targets of spyware were children and intimate partners, as well as employees and thieves.”
Dr Harkin said the research identified differences between iPhone and Android operating systems.
“In our technical analysis, we found that the Android operating system is significantly more permissive of spyware accessing critical phone functions such as the camera and GPS, as well as other confidential data,” Dr Harkin said.
“In order for an iPhone to be compromised in the same manner, it would need to be jailbroken, or have the manufacturing restrictions removed.”
Their research also revealed that consumer spyware companies rely on cloud-network support services such as Cloudflare, Codero, and Linode to facilitate their operations.
“If these companies withdrew their support for spyware vendors, they could significantly disrupt the ability of spyware companies to operate,” Dr Harkin said.
Recommendations resulting from the research include greater support and resourcing for domestic violence services to enable them to improve responses to the risks facing their clients.
Other recommendations include stronger enforcement by Google of its anti-spyware policy, greater attention and focus from law enforcement and public authorities on the threat of spyware, improving general privacy protections in Australia and more research and support tools to improve on-device spyware scanning.
Read the full report.
Should apps that track others be more heavily regulated? Are you worried that clamping down on these apps may harm people who use them for legitimate purposes such as keeping track of loved ones with dementia?
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.