There is a large amount of so-called smartphone “spy software” available that promises to log everything a phone does, while attempting to remain undetectable. Compromised devices are easily traceable via GPS, can record incoming and outgoing text messages, log phone calls, and can even be used to view photos and browser history.
Installing such software on Android or BlackBerry devices is morally questionably, but generally easier than doing so on an iPhone. To spy on an iPhone, you’ve got to circumvent Apple’s own restrictions and protective measures, potentially exposing the device to security holes and software incompatibility in the process.
Think you’ve got a compromised device? Wondering what you can do about it? Here’s what you need to know.
A Legitimate Use?
Spy software, by its very nature, is designed to snoop on people. It is for this reason that anyone reading this who is contemplating installing such software probably doesn’t care what I have to say about any aspect of doing so. If you’re already thinking about doing this, you’ve probably already ethically justified the practice in your head. Whatever your reasoning for doing so, it’s always worth considering how you would feel if someone did the same to you.
Most spy software is marketed in a very broad way. Not only is it advertised to snoopers who want to track the location of an individual, or spy on someone’s smartphone usage but it’s also marketed as a legitimate security tool. This is ethically questionable at best, and a massive breach of privacy at worse. Unfortunately we can’t change the minds of those who are already engaged in the practice, but we can try to redress the balance for those drawn in by dishonest marketers.
Parents — do not use this software to trace your children. There are free and safe ways of sharing a location from an iPhone, which we will come to at the end of the article. Some marketers try to target employers, so employers — do not use this software to spy on your workforce. If you feel like you need to be concerned about smartphone security in your workplace then you shouldn’t be allowing non-company devices in the workplace. Period.
Warranty, We Hardly Knew Ye
There is no spy software on the market that will be able to do all it promises – i.e. spy on any activity, trace any location or upload any camera images – without voiding the target device’s warranty. Parents installing such software will be voiding warranty on those devices. Paranoid other-halves will be voiding their spouse’s warranties also, and this goes for employers too. This is because you’ll need to jailbreak the iPhone before you can do so.
Apple takes a hardline approach to security. The iPhone is not designed to run non-Apple software, and doing so is seen as a security violation by Apple. Tampering with system-level software isn’t illegal, but Apple can and will detect the practice if you ever take the device in for repair. Android does things differently: unchecking a box in settings allows the installation of non-Google Play apps, and it’s just as easily reversible.
Jailbreaking involves loading custom firmware onto the device which provides greater freedom, allowing users to run unsigned software. Spy software is always unsigned for two reasons: it would never be able to perform its spying duties due to iOS permissions, and Apple would never allow it in the App Store in the first place. Many people don’t realise it but with some preparation a jailbreak can take a matter of minutes to complete.
Jailbreaking will also void any AppleCare after-sales warranty that has been purchased. Jailbreaking is fine if it’s your own iPhone and you understand the risks involved in doing so. Even a jailbreak gone wrong is unlikely to “brick” your iPhone. But jailbreaking someone else’s device without their knowledge isn’t very nice.
Unsigned apps can potentially include malware. If the root SSH password remains unchanged once the jailbreak is complete, malware could run riot on your phone and with no Apple guardians to oversee software, you have to rely on third-party developers to be the judge and jury. If you think about it, spy software is malware by design but marketed as valid software.
iPhones and other iOS devices that have been jailbroken can sometimes have problems running legitimate App Store apps. Developers have ways of detecting a jailbreak and can now prevent jailbroken devices from using their services. One example would be DIRECTV which delivers streaming video and another reported app is Skype for iOS. Many banking apps are also restricted for obvious reasons, as is PayPal. Getting these apps working again involves playing a game of cat and mouse between developers and the jailbreak community.
Some companies even offer so-called jailbreak-free monitoring, which requires the Apple ID login credentials of the target and access to iCloud Backups in order to work. This uses Apple’s own geo-location service (Find my iPhone) to locate the device, as requires unhindered access to the entire phone backup. Essentially you’re handing the keys to the victim’s entire Apple identity to a shady company that specialises in spying on people.
Detecting Spy Software
There’s actually no guarantee you’ll be able to find evidence of the spy software itself, as such software is designed to be hidden from view. Instead there may be a few left over telltale signs of a jailbreak, and if you find them and but have not performed a jailbreak yourself then you should be suspicious of anyone who has had access to your device. If your partner or parent has jailbroken your device for you then it isn’t certain you’re being spied upon, but it is very difficult to prove otherwise without reverting to stock firmware.
The biggest telltale sign of a jailbreak is the Cydia app. Even if this app has been hidden from the home screen, searching for it (pull down or swipe to the right on your homescreen) should still find it. If the application is there, your phone is jailbroken (don’t worry about Wikipedia entries, as per the screenshot below).
There is no guarantee of finding Cydia, and the careful snooper will probably try all they can to hide any signs of a jailbreak. Other apps to search for that might suggest a jailbreak include Installer, Icy, SBSettings, Absinthe and Installous. Similarly, installing an app like PayPal (mentioned above) might reveal something is up if they refuse to run.
Removing The Software
Because jailbreaking is a game of cat and mouse played between Apple and the jailbreak community, the latest is rarely ever able to be jailbroken. Keeping your phone up to date and performing all iOS updates as and when your iPhone notifies you about them is the best way to remain secure. Apple is quick to patch security vulnerabilities and jailbreak exploits, and rolling your phone back to old firmware is rarely an option. Even if your iPhone has been jailbroken, removal is surprisingly easy.
Reverting your phone back to stock Apple firmware does the trick. Apple may be keeping track of unique identification numbers (UDIDs) of jailbroken devices via the App Store, but it would seem restoring your phone “as new” will remove all traces of a jailbreak.
To restore your iPhone launch iTunes on a Mac or Windows PC and choose Restore — hit Back Up Now first to save all of your data. If you do choose to backup and restore, there’s a chance some evidence of the jailbreak will be retained, but the jailbreak itself will be gone. If your phone needs attention from Apple (either as part of a 12-month warranty or the extended AppleCare package) then you may be denied service if evidence of a jailbreak is detected.
Parents Listen Up
There are two very easy to use free alternatives to spy software for parents who are concerned about the whereabouts of their children. Find My Friends works across Apple devices and uses Apple IDs to connect friends and family. By authorizing a friend or family member to view your location in Find My Friends, they will be able to see where you are whenever they like. If you have young children you can enable location sharing within Find My Friends, then use iOS restrictions to prevent changes to Location Services.
Find My Friends works best with the consent of the user, and could be a great opportunity to establish a system of trust with your children. It will not record messages, phone calls, or camera activity because it is not spy software, but a tool for staying in touch. Using Find My Friends doesn’t teach your children that spying on people is the right thing to do and can be used to establish a dialogue regarding personal safety and even smartphone security. Talk to your children about why you want to use such a service.
The other way to share location between iOS devices is via the Messages app. Simply open a conversation on the device, hit the i button in the top-right corner, and hit Share My Location. You can choose to do so for an hour, for a day, or indefinitely. You can then stay in touch by opening the same conversation on another device, and hitting the i button.
If you’re worried about your children’s uncanny ability to lose things then remember to enable Find My iPhone, a similar service accessible via iCloud. For as long as the phone is left in the same state it was when it was lost it will be traceable using Apple’s own plan B.
This isn’t a lesson in parenting, but a lesson in ethics and trust. It’s also a lesson in not being ripped-off by marketers trying to sell you a wolf in sheep’s clothing. Take a close look at the FAQs and you’ll see the requirement for a jailbreak quietly mentioned — usually an old, outdated version of iOS with known security breaches — behind advertising phrases like “completely undetectable.”
A Final Word
All software that promises to spy on an iPhone requires a jailbreak. Some do not mention it in their marketing speak, but it’s a requirement and it always will be. Many of these packages are not one-off payments but subscription models that require a minimum term, which quickly adds up. Be smart, be safe, be honest and don’t get ripped off.
And remember, spy software is not the only iOS security issue you should know about. Your iPhone can be vulnerable in other ways too.
Article updated by Tim Brookes on October 27, 2016
Image credit: Jonathan Grado via Flickr