Symantec: Hardware Fragmentation Prevents Android Call-Recording Trojan

Yesterday only, we reported about a malware app Speech Recorder, that records phone call on Android devices, as discovered by the CA Security. That prompted, Symantec researcher Irfan Asrar to take a second look at the Android.Nickispy.Asrar said that this app was available on multiple sites in China, where it has been promoted as a […]

Yesterday only, we reported about a malware app Speech Recorder, that records phone call on Android devices, as discovered by the CA Security. That prompted, Symantec researcher Irfan Asrar to take a second look at the Android.Nickispy.

Asrar said that this app was available on multiple sites in China, where it has been promoted as a solution for concerned users to confirm suspicions of infidelity by tracking a significant other's calls and whereabouts. The author had clearly stated the purpose, so anyone installing this app could not be mistaken in its intentions. Now, that's not to say someone couldn't install it on another person's phone. Still, on completion of installation, the app actually shows up with an icon marked Speech Recorder, clearly visible to the user.

Despite the fact there have been multiple reports of the app uploading the recorded voice conversations to a remote sever, our analysis has found no such functionality. It can record calls; however, physical access to the device is required in order to retrieve them. Still, the app does have the ability to send data such as the GPS location and call and SMS logs to another remote server hosted by the creator of this app. For the "suspicious husband or wife" to obtain this tracking data, they then have to pay the app's author to obtain it.

He said that Symantec could find no evidence that the application was actually uploading any of the files to a remote server. If there was ever a reason to be grateful about the so-called "hardware fragmentation" issue surrounding Android devices, this is it. "Due to the fact that not all Android hardware works the same way, we have found that if used on a real phone, as opposed to an emulator, the results can be quite different," Asrar wrote in a blog post.

In testing, researchers found the application to be quite unstable, often crashing and ending calls abruptly. Only one device managed to run the application smoothly, Asrar reported.

Although in this case the threat may have been overblown, Asrar admitted the potential threat of applications like this should not be minimized. "I offer the following suggestion: if you find yourself to be in need of such an application, take the direct route and talk to your significant other instead," he quipped.

[Source: Symantec]