Research conducted by Deakin researchers has found that readily available consumer spyware products potentially violate a range of Australian laws, relating to harassment, stalking, identity theft and fraud.
The researchers found that spyware products available for download on most smartphones have the potential to break Australian laws, through their manufacture, advertising and use and have urged greater support for domestic violence support services given the risk posed to personal privacy and safety.
Alfred Deakin Institute post-doctoral research fellow, Dr Diarmaid Harkin and Dr Adam Molnar, now based at the University of Waterloo in Canada analysed nine commonly used spyware products in the study which was funded by the Australian Communications Consumer Action Network (ACCAN).
Their research found that without clear consent from both the users of spyware and their targets, users can violate a range of Australian laws relating to individual privacy and children and intimate partners are most at risk.
Dr Harkin said users may have legitimate reasons for needing to access their child’s or partner’s location, but the range of other functions offered by the spyware exceeded what would be regarded as proportionate or ethical monitoring in these circumstances.
“Spyware is a particularly acute threat in the context of domestic and family violence and, more troubling, is that multiple companies explicitly encourage and promote the use of spyware against intimate partners,” Dr Harkin said.
“Across our sample, a clear theme emerged from the promotional materials that the main targets of spyware were children and intimate partners as well as employees and thieves.”
Dr Harkin said the research identified differences between iPhone and Android operating systems.
“In our technical analysis, we found that the Android operating system is significantly more permissive of spyware accessing critical phone functions such as the camera and GPS, as well as other confidential data,” Dr Harkin said.
“In order for an iPhone to be compromised in the same manner, it would need to be jailbroken, or had the manufacturing restrictions removed.”
Their research also revealed that consumer spyware companies rely on cloud-network support services such as Cloudflare, Codero, and Linode, to facilitate their operations.
“If these companies withdrew their support for spyware vendors they could significantly disrupt the ability of spyware companies to operate,” Dr Harkin said.
Recommendations resulting from the research include greater support and resourcing for domestic violence services to enable them to improve responses to the risks facing their clients.
Other recommendations include stronger enforcement by Google of its anti-spyware policy, greater attention and focus from law enforcement and public authorities on the threat of spyware, improving general privacy protections in Australia and more research and support tools to improve on-device spyware scanning.
The full report, The Consumer Spyware Industry: An Australian-based Analysis of the Threats of Consumer Spyware is available here.