What is spyware? How secret programs can see into your iPhone and record your calls.


Smartphones are an extension of one's personal life, so it's terrifying to think that someone else could have access to all of the information we keep there. Many people store photos, conversations, banking details and other private information on their smartphone. According to the Pew Research Center, of the 64% of American adults own a smartphone, 62% have used their device to look up health conditions, 57% have used it for online banking and 67% have used it for sharing pictures and videos. The personal information on a given phone is what makes the notion of spyware on mobile devices so downright frightening.

What is spyware?

Spyware is a form of malware — other types of which include viruses, adware and malicious programs that can hijack browsers — allowing an individual or organization to remotely gather information from a person's smartphone, computer, tablet or other gadget without the owner's permission or consent.

Spyware is especially problematic because the user is generally unaware that the software exists on their device. And, in the case of a "zero-day" exploit — an undetected security flaw in software known to a hacker but unknown to the developer — the vulnerability has no chance of being fixed until the manufacturer becomes aware of its existence.

"An attack on a software flaw that occurs before the software's developers have had time to develop a patch for the flaw is often known as a zero-day exploit," explains Tom's Guide. "The term 'zero-day' denotes that developers have had zero days to fix the vulnerability."

Is spyware a threat to iPhone users?

Fortunately for iPhone users, the vast majority of mobile malware threatens Android devices: In 2013, for instance, 97% of known malware threats were on Android, according to Forbes. But that's not to say iPhones are not vulnerable.

Apple rolled out a security update in August after mobile security firm Lookout and University of Toronto's Citizen Lab discovered a malware threat dubbed "Trident" that could remotely jailbreak iPhones running iOS 9. The spyware was discovered after a link in an SMS message was sent to Ahmed Mansoor, a human rights lawyer in the United Arab Emirates, from a software created by an Israel-based "cyber war" company called NSO Group.

Jon Gambrell/AP

Mansoor abstained from clicking the link and forwarded it to Bill Marczak, a fellow at Citizen Lab, who recruited engineers from Lookout, Vanity Fair reported. Together, they analyzed the JavaScript code and discovered three zero-day exploits. In other words, there were three vulnerabilities that Apple had no clue about.

At the time, CNET reported that the malware could track a user's location, access texts and emails, record calls and remotely turn on a device's microphone and camera. According to the New York Times, the three security flaws could gather passwords, too.

What safety measures can be taken?

While there is no foolproof way to prevent spyware from taking over a smartphone, there are safety measures that can be taken. International cybersecurity provider Kaspersky advises smartphone owners to refrain from installing any third-party software, such as apps that require full access to your social media accounts or unofficial apps; always check app permissions when installing new apps so that they don't receive unnecessary permission to access things like the device's microphone and location services; always have a lock screen on your smartphone; and to be vigilant of "unsolicited attachments, links and public, open Wi-Fi connections."