Removing Spyware From Your Phone

Before we can begin, if your Android is rooted or your iPhone is jailbroken, revert them, or bring it to us because spyware on such custom ROMs can just be spyware. Moving forward, anyone using Android or iPhone needs to be aware of the vulnerabilities and weaknesses of their environment(s). For example, almost everyone using mobile phones will go to a website. Websites contain vulnerabilities through cross-site scripting, cross-site request forgery, SQL injections (less common these days), etc. These are vulnerabilities because websites can be properly secured to prevent such attacks. Such vulnerabilities are there because the website have not been configured to protect against such attacks. On the other hand, weaknesses, such as JavaScript, saved sessions in cookies, open to the world, etc.,are harder or impossible to secure. For example, JavaScript is a scripting language that runs on Web browsers. The ability that websites can run programs as long as the browser is open is a weakness. With that said, without JavaScript, the websites would look like a 90’s website, or they would look like using TOR with the highest security settings turned up. Simply put, websites without JavaScript would look old and have very little to zero functionality for today’s standards.

Fortunately, Android and iPhone provide apps through reputable stores (App Store, Play Store, Galaxy Store, etc.) in order to mitigate such risks and use the phone’s hardware to the maximum extent, among others. Of course, there are some less than positive reasons for forcing users to only use the stores, but that is beyond the scope of this article. It is important to note that downloading from a store does not protect malware from entering 100 percent of the time. Recently, “Adware on Google Play and Apple Store installed 13 million times.”

Back to point, the first step to preventing spyware – software/hardware that monitors user behaviors (e.g., location tracking, texting, items browsed, etc.), is to not download any apps or go to any websites, turn off one’s phone, and cover it completely in a metallic mesh. More realistically, spyware will be considered its definition but with malicious intent (which has become pop culture). For example, “Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.” For this reason, among others, we consider spyware software/hardware and not just a subset of malware. Google and Microsoft cannot be considered malware producing companies (personal feelings aside (for everyone)) because they spend billions a year to secure and make their systems compliant.

With regard to removing malicious spyware from a mobile phone, one needs to check all apps and what those apps can access. Second, clearing all cache from all browsers is important. After that, it is imperative to remove all unused or unwanted apps and apps that were not downloaded from reputable stores. In conclusion, the best one can do is know what information is being gathered and what apps/companies have access to such information.

References

https://www.bleepingcomputer.com/news/security/adware-on-google-play-and-apple-store-installed-13-million-times/

https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/

Scroll to Top