Security firm Kaspersky Lab had claimed in a blog post that MonitorMinor had too many features to be classed as a parental control app and was able to track too many services for it to be classified as such.
A MonitorMinor spokesperson told iTWire, in reply to a query, that the software had helped some parents in keeping their children away from drug use.
Kaspersky's Victor Chebyshev said the usual functionality of stalkerware was to transmit the victim's geolocation, adding that there were many such stalkerware apps, with the creators often using geofencing technology.
He pointed out that, given that SMS was mostly used for receiving one-time passwords, this niche had been taken over by messenger apps, which even facilitated business negotiations.
"Moreover, they claim to be an alternative to 'traditional' voice communication. So any software with tracking/spying functionality worth its salt must be able to intercept data from messengers," he wrote. "The sample we found (assigned the verdict Monitor.AndroidOS.MonitorMinor.c) is a rare piece of monitoring software that could be used for stalking purposes that can do this."
He listed MonitorMinor as being able to gain full access to data in the following apps once its privileges were escalated:
- LINE: Free Calls & Messages
- Zalo – Video Call
- Hike News & Content
The MonitorMinor spokesperson said for installation of the app, one needed to have physical access to the mobile phone in question. One also needed to unlock the phone in order to install the application and remote installation was not possible. Further, before using a service, verification of email ID was mandatory.
But Chebyshev wrote: "When MonitorMinor acquires root access, it remounts the system partition from read-only to read/write mode, then copies itself to it, deletes itself from the user partition, and remounts it back to read-only mode.
"After this 'castling' move, the application cannot be removed using regular OS tools. Sure, the option to escalate privileges is not available on all devices, and without root one might assume that the software would be less effective. But not if it’s MonitorMinor."
He said MonitorMinor used Google's Accessibility Services API to intercept events in the apps listed above. "Put simply, even without root, MonitorMinor is able to operate effectively on all devices with Accessibility Services (which means most of them)."
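For anyone checking a handset for the two behaviours described above (a copy on the system partition and an enabled Accessibility Service), the following is an added example, not code from Kaspersky or from the app. It parses the output of two standard `adb shell` commands; the sample output, the package names, the firmware baseline and the allowlist are all constructed assumptions.

```python
# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.monitor/com.example.monitor.CoreService")
# Constructed sample of: adb shell pm list packages -f
SAMPLE_PM = """\
package:/system/priv-app/Talkback/Talkback.apk=com.google.android.marvin.talkback
package:/system/priv-app/Monitor/Monitor.apk=com.example.monitor
package:/data/app/~~Qx1z==/org.example.chat-9f2A==/base.apk=org.example.chat
"""
# Hypothetical baseline: packages the stock firmware ships on system partitions.
FIRMWARE_BASELINE = {"com.google.android.marvin.talkback"}
# Hypothetical allowlist: accessibility tools the device owner knowingly enabled.
A11Y_ALLOWLIST = {"com.google.android.marvin.talkback"}
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/")

def parse_a11y(raw):
    """Return package names from the colon-separated 'pkg/service' list."""
    raw = raw.strip()
    if raw in ("", "null"):  # the setting prints 'null' when nothing is enabled
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def parse_packages(raw):
    """Map package name -> APK path; paths may contain '=', so split on the last one."""
    pkgs = {}
    for line in map(str.strip, raw.splitlines()):
        if line.startswith("package:"):
            path, sep, name = line[len("package:"):].rpartition("=")
            if sep:
                pkgs[name] = path
    return pkgs

def audit(a11y_raw, pm_raw, baseline, allowlist):
    """Flag packages showing either behaviour described in the article."""
    pkgs, a11y = parse_packages(pm_raw), parse_a11y(a11y_raw)
    findings = []
    for name in sorted(set(pkgs) | a11y):
        path, reasons = pkgs.get(name, ""), []
        if name in a11y and name not in allowlist:
            reasons.append("accessibility service enabled, not allowlisted")
        if path.startswith(SYSTEM_PREFIXES) and name not in baseline:
            reasons.append("on system partition, not in firmware baseline")
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE_A11Y, SAMPLE_PM, FIRMWARE_BASELINE, A11Y_ALLOWLIST):
        print(f"{name} [{path or 'path unknown'}]: {'; '.join(reasons)}")
```

A package flagged for both reasons matches the pattern Chebyshev describes; one flagged only for the accessibility service matches the no-root case.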
The MonitorMinor spokesperson said: "We try our best and regularly take steps to avoid any misuse of product, [a] recent example of that is 'asking confirmation of purpose' along with aggressive response policy towards 'Violation/abuse' report and many more. We also believe our content on [our] website clearly explain[s] [the] product without misleading the users.
"We consider our software as [a] parental monitoring tool, not as 'stalkerware'."
Chebyshev said the MonitorMinor app also had a keylogger function implemented through the same API.
"That is, MonitorMinor’s reach is not limited to social networks and messengers: everything entered by the victim is automatically sent to the MonitorMinor servers. The app also monitors the clipboard and forwards the contents.
"The app also allows its owner to:
- "Control the device using SMS commands;
- "View real-time video from the device’s cameras;
- "Record sound from the device’s microphone;
- "View browsing history in Chrome;
- "View usage statistics for certain apps;
- "View the contents of the device’s internal storage;
- "View the contacts list; and
- "View the system log."
Chebyshev acknowledged that the MonitorMinor licence "clearly states that users of the application are not allowed to use it for silent monitoring of another person without written consent. Moreover, the authors of the agreement warn that in some countries such actions may be subject to investigation by law enforcement agencies. So, formally, it is hard to deny that the developers of this application took steps to provide information about the potential consequences of unlawful usage of the app".
But he said there was another side to this. "...we can’t see how this information can help potential targets of stalkers that would decide to use this app. It is very intrusive and is able to exist on the target’s device without being visible to its owner, and it can silently harvest practically every bit of the target’s personal communications.
"Due to the powerful characteristics of this app, we decided to draw attention to it and inform those who defend people from stalkerware of the potential threat it poses. This is not just another parental control application."