Close Menu

This sleazy Android spyware requires a password to uninstall. Below is how to delete it without one.

TechBrunchBy 6 Mins Read


Consumer-grade phone monitoring apps aren't just meant to keep you stealthy. Some of these apps are making them increasingly difficult to remove.

TechCrunch has effectively blocked the stealth phone monitoring app for Android so that it can remove the app by Android device owners who require a password to identify and uninstall it.

Spyware apps that don't name them to promote relying on people who plant their apps and enable Android's built-in features, allowing their apps to “overlay” content over all other apps. Once this permission is granted, the Spyware app will use this overlay access to force a password prompt whenever a user attempts to uninstall or disable an app via Android settings.

Worse, the password to uninstall this spyware is set by the planter.

Animated GIF for Android Uninstall screen that forces you to display a password prompt when you try to uninstall an app. Entering the wrong password will close the page on the home screen.

Image credit: TechCrunch

There is a solution. TechCrunch's own tests showed that when restarting an affected Android device to “safe mode”, third-party apps containing spyware can temporarily prevent loading, allowing affected individuals to delete the app without a password prompt.

This Consumer-Grade Spyware app is part of an ecosystem of mobile phone monitoring services that promotes and sells apps under the guise of allowing parents to monitor their children's phone activities and businesses to track employees. However, these apps are also the term “Stalkerware” (or “spouse wear”). This is because many people explicitly advertise the app as a way to sn-snap your spouse or romantic partner without their consent.

These spyware apps are usually downloaded from outside the official Android app store and are usually planted by people with knowledge of passcodes and have physical access to a person's phone.

These apps will be intentionally hidden when an installation is installed to keep the app icons stealth from the victim's home screen. Meanwhile, we continuously upload people's mobile phone content, including text messages, photos and real-time locations, to web dashboards that are accessible to abusers.

Often, the only way to identify an app is to look into specific Android device settings that are commonly configured to facilitate monitoring of secret devices and identify the specific apps to remove.

However, for this particular Spyware app, the password popup blocks the ability to uninstall unless the correct password is entered.

A screenshot shows a password prompt overlaying Android uninstall settings to prevent users from deleting the app.

Image credit: TechCrunch

A screenshot shows a password prompt overlaying Android uninstall settings to prevent users from deleting the app.

Image credit: TechCrunch

How to identify and remove spyware that supports Android passwords

It's quick and easy to see if your Android device is compromised by consumer-grade spyware. Remember that removing spyware is more likely to warn those who planted it, so it's important to have a safety plan before proceeding.

TechCrunch has a general Android Spyware removal guide that will help you identify and remove common types of phone spyware and stalkerware and turn on the correct settings to protect your Android devices.

This particular spyware may not appear as a home screen icon, but the list of installed apps will appear as an unexplained app called “System Settings” that features the default Android icon.

The Spyware app takes advantage of another built-in Android feature called “Device Admin.” This allows businesses to remotely manage employee mobile phones, but is frequently abused by the Spyware app, giving wide access to victims' devices and data. If your device has an unrecognized device management app enabled, it may be a spyware app. You may receive a password prompt when you try to uninstall an app.

However, when you restart your Android device to “Safe Mode”, only the Android Core System app can run by default, allowing users to troubleshoot or remove buggy or problematic apps. (The 2016 stack exchange thread confirms this technique.)

TechCrunch tested and checked this process on several virtual Android devices. I planted this with spyware. Virtual devices allow you to run your apps in a protected sandbox without providing real data such as location.

Before proceeding, please note that if you enter the following steps to identify and remove safe modes and spyware apps, they may differ depending on your Android device model and software version.

Normally you will be prompted to press and hold the power button on your Android device until you see a set of options on your screen, then touch the “Power Off” button and ask if you want to “Reboot to Safe Mode.”[OK]and wait for the device to restart.

Android screenshot showing power options, with a red arrow above it "Turn off the power" button

Image credit: TechCrunch

Android screenshot with a read dialog box, "Reboot to safe mode," The text continues: "Do you want to restart to safe mode? This will disable all third-party applications you have installed. Reboot will restore it." There is a red arrow above "got it" button.

Image credit: TechCrunch

Android devices will display “Safe Mode” in the corner of the screen when the device successfully enters Safe Mode.

From here you can find the spyware app in question by looking into the installed “Device Management” app in your Android settings. If you have an unrecognized device management app, you can turn off the switch and then select “Deactivate and Uninstall” from the Device Management app settings.

Android phone screenshot showing "Device Management App" Set with the arrow pointing to switch apps using Device Management Access.

Image credit: TechCrunch

Android screenshot shows a device management app with spyware installed called

Image credit: TechCrunch

Once the spyware app is removed as a device administrator, you can uninstall the app completely from your device. This can be done by opening Android settings and then opening “Apps”.

From here you will be able to identify the specified spyware app from the list of apps installed on your device. If you look at the SAFE mode app information screen, you should be able to select “Uninstall.” If you are asked to delete the app, press OK.

(As an aside, Android cannot uninstall system apps that are essential for device functionality from this screen.)

A screenshot of Android in safe mode showing a spyware app called

Image credit: TechCrunch

Screenshot of Android in Safe Mode with an app that uninstalls the dialog box, with a red arrow above it "got it" button

Image credit: TechCrunch

At this point the spyware has been removed. Forced stopping and deleting a Spyware app can warn the person who planted the app no ​​longer works.

To exit Android Safe Mode and return the device to normal state, you can restart the device by pressing the power button and selecting “Reboot”.

You also need to create immediate steps to protect your device, such as setting a longer, unique passcode or alphanumeric password to prevent future physical access. You can also protect web accounts on devices that include Google accounts to prevent further misuse.

If you or someone you know needs help, the domestic domestic violence hotline (1-800-799-7233) provides secret support to victims of domestic abuse and violence 24/7. If you are in an emergency, call 911. If you think your phone is compromised by Spyware, then the federation against Stalkerware has resources.



Source link

Share.

Related Posts

Leave A Reply