Skip to content
Naked Security Naked Security

Using DroidJack spyware to snoop on your spouse could get you arrested

Some Android spyware might be legal to buy, but not to numerous users of "DroidJack" found out this week.


Jealous lovers or suspicious spouses might be tempted to spy on their significant other’s smartphone – to snoop on texts or phone calls, peek at contacts, or scour the device for files such as photos.

Some companies like mSpy and StealthGenie freely market spying apps that help snoopers to do all of those things, and more, without the device user’s knowledge.

But if you’re thinking about installing one of these apps on someone else’s mobile device without their consent, be warned – it’s not just morally questionable, in many juridictions, it’s very likely illegal.

Law enforcement has taken notice of these spyware apps, too, as evidenced by raids and arrests of users of one particular mobile spying app in Germany, France, Britain, Belgium, Switzerland and the United States.

It’s not clear at this point how many were arrested in the international law enforcement action, which Europol announced on Wednesday, 28 October, but 13 house searches were conducted in Germany, and one man was arrested in the UK, the BBC reported.

The law enforcement action, led by German authorities, targeted users of DroidJack, which, as the name implies, can hijack Android devices.

DroidJack can be used to remotely access Android devices from a PC, and remains hidden from the device owner.

That explains why security companies refer to this type of malware as a remote access Trojan, or RAT (RATs are also used to spy on PCs, frequently as a way to remotely turn on a victim’s webcam).

SophosLabs has been detecting DroidJack as malware since August 2014 (Sophos detects DroidJack as Andr/SandRat).

SophosLabs senior threat researcher Anna Szalay tells me that DroidJack has been packaged with other apps to disguise it, for example, as a Muslim prayer app and even a mobile security app.

It can access any part of the device and just about any function you can think of – it can even spy on encrypted chats sent via WhatsApp by stealing the unique encryption key and storing the chats in plaintext.

It looks like DroidJack’s developer may have started out creating legitimate apps, including one still available on Google Play called Sandroid PC Remote.

But at some point the developer decided to turn his app for remotely accessing a PC into its opposite – we’ve seen a spammed out message from the developer proclaiming as much.

DroidJack is available on a public website (Sophos Antivirus blocks the website as a malware repository) for $210, and includes features such as:

  • View, send or delete SMS messages from the target device
  • Listen to phone calls, retrieve call logs and make a phone call from the device
  • View, add, or delete contacts, call or SMS contacts
  • Turn on the device’s microphone for live listening and recording
  •  View browser history and bookmarks
  • Open an app on the device
  • Track location via GPS
  • Stealth mode to hide the app from the device launcher

Although the recent law enforcement action targeted users of DroidJack, it doesn’t look as if the developers of DroidJack are in danger of being arrested at this point.

Mobile RAT makers attempt to walk a fine line by marketing their apps for legitimate uses like parents monitoring their children’s phones or employers keeping tabs on their workers’ company-owned devices.

Selling your spyware as a way to monitor your spouse or lover for infidelity, however, could get you in trouble, as the CEO of the StealthGenie mobile RAT found out when he was fined $500,000 in 2014 for explicitly marketing the app to the “spousal cheat” market.

DroidJack’s marketing might not go quite far enough to cross any legal lines, but let’s not kid ourselves – if it looks like a RAT and smells like a RAT, it’s probably a RAT.

Jump to our '10 Tips for Preventing Mobile Malware'...


Free download (no registration, no time-limit)...

Image of phone spying courtesy of

1 Comment

funny how something IN MY HOUSE can be seen as “private” . Things stored on the physical phone itself, or computer… IN MY HOUSE. thats like deeming a bedroom is somehow private IN MY HOUSE… but guess what? when youre arrested, the police, suddenly have access to whatever the Heck they WANT though right?

its all about protecting piss poor behavior, assuring adultery and pornography rolls forward, and handing the power to governments and police instead of stopping it at the family level. Because you see the police and jails make money off you being arrested, the porn industry makes money off you watching what you watch in secret, the dating sites make money off you secretly using their sites, and HUSBAND AND WIVES keeping them the heck out would threaten all of that. so the couple themselves are the ones called “troubled” and Bad” for not allowing the person to freely cheat without any effort to prevent the person…

then they say, well if you find out, IF you find out thanks to all the efforts the companies make to hide it… go to council …another money maker. Of course they will also suggest divorce as well, for its not like they are pro marriage nowadays. NO ONE is.


Funny…when I lose my home, and get thrown out in foreclosure, whats in it, then belongs to the people that lock the doors on me. if they want to sell it, they can…AND ANY DATA FOUND ON IT…
If I have a storage unit, and I lose it? ALL INSIDE IT IS GONE…and ANYTHING ON A COMPUTER…

the jackson 5 lost masters, and other valued recordings that way and there was nothing they could do…
You see, that was money for the people making money at the auctionblock…what a MONEY FIRST Country the usa is…


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!