FlexiSPY - The Spyware Tool Crossing the Line Between Security and Crime
By iVerify Team
Nov 12, 2024
FlexiSPY is a commercial spyware application designed to monitor activity on mobile devices and computers. Developed by Flexispy Ltd, a UK-based company, FlexiSPY has been on the market since 2006 and remains one of the most feature-rich and controversial mobile surveillance tools available.
Technical Overview
FlexiSPY is designed to be covertly installed on a target device, where it runs in the background to capture a wide range of data and activity. The software is compatible with Android, iOS, Windows, and macOS.
Key features include:
• Call recording and logs for Phone, FaceTime, Facebook, LINE, Skype, Viber, and WhatsApp, along with call interception, Spycall, and environment recording.
• Remote access features like RemCam, RemVid, Spoof SMS, call notification alerts, and SMS keyword deletion.
• Message monitoring across multiple platforms, including Facebook Messenger, Instagram, iMessage, LINE, Skype, Viber, WhatsApp, BBM, Hangouts, Tinder, and WeChat, along with email tracking and application screenshots.
• SIM change notifications, notes, call logs, address book, SMS, MMS, and location tracking with geo-fencing, plus browsing activity and browser bookmarks.
• Monitoring of network connections, application activity, installed apps, and keystrokes (keylogger), along with access to photos, videos, audio files, wallpaper images, and calendar entries.
• Remote command options for restarting the device, changing software features, uninstalling or deactivating software, checking battery status, and upgrading or renewing software.
• Additional features include visibility options (hidden mode), jailbreak hiding, automatic remote updates, and dashboard alerts, with protection from uninstallation and free updates.
Data captured by FlexiSPY is uploaded to the company's servers, where it can be accessed by the user through an online control panel. The software is designed to operate stealthily, hiding itself from the device's user and anti-malware scans.
Evasion Techniques
FlexiSPY employs several techniques to evade detection:
1. Icon hiding - The app can hide its icon from the device's home screen and app drawer.
2. Process obfuscation - FlexiSPY disguises its processes with innocuous names like "Sync Services."
3. Encryption - Captured data and configuration files are encrypted using AES and RSA.
4. Anti-analysis measures - The app includes native ARM libraries that are more difficult to reverse engineer than Java code.
5. Accessibility abuse - FlexiSPY exploits Android's accessibility features to monitor other apps.
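Two of the traits above, icon hiding and accessibility abuse, can be checked together when triaging an Android device. The sketch below is an added example, not code from iVerify or FlexiSPY: it flags user-installed packages that hold an enabled accessibility service and expose no launcher icon. All package names and sample outputs are constructed, and the output layout of the launcher query is an assumption.

```python
# Added triage sketch (not iVerify or FlexiSPY code). Inputs are text captured with:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3
#   adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
# The exact layout of the third command's output is an assumption; adjust the parser if it differs.

def accessibility_packages(raw):
    """Owners of enabled accessibility services; value is 'pkg/cls:pkg/cls' or 'null'."""
    raw = raw.strip()
    if raw in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in raw.split(":") if "/" in c}

def third_party_packages(raw):
    """User-installed packages from lines of the form 'package:<name>'."""
    return {l.split(":", 1)[1].strip() for l in raw.splitlines() if l.startswith("package:")}

def launcher_packages(raw):
    """Packages exposing a launcher activity; skips 'priority=...' metadata lines."""
    return {l.strip().split("/", 1)[0] for l in raw.splitlines() if "/" in l and "=" not in l}

def triage(a11y_raw, third_raw, launcher_raw, allowlist=frozenset()):
    """Map package -> finding. A hidden icon alone is common and is not flagged."""
    a11y = accessibility_packages(a11y_raw)
    visible = launcher_packages(launcher_raw)
    findings = {}
    for pkg in sorted(third_party_packages(third_raw) - set(allowlist)):
        if pkg in a11y and pkg not in visible:
            findings[pkg] = "high: accessibility service enabled, no launcher icon"
        elif pkg in a11y:
            findings[pkg] = "review: accessibility service enabled"
    return findings

# Constructed sample data; every package name below is hypothetical.
SAMPLE_A11Y = "com.example.syncservices/.core.WatchService:com.example.passwords/.FillService"
SAMPLE_THIRD = ("package:com.example.syncservices\npackage:com.example.passwords\n"
                "package:com.example.game\npackage:com.example.widgetpack\n")
SAMPLE_LAUNCHER = ("priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false\n"
                   "  com.example.passwords/.MainActivity\n"
                   "priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false\n"
                   "  com.example.game/.Main\n")

if __name__ == "__main__":
    for pkg, finding in triage(SAMPLE_A11Y, SAMPLE_THIRD, SAMPLE_LAUNCHER).items():
        print(f"{pkg}: {finding}")
```

Known accessibility tools such as screen readers or password managers belong in the allowlist so that the remaining findings are the ones worth a manual look.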
Security Breaches
In 2017, hackers claimed to have breached FlexiSPY's servers, releasing portions of its source code and customer data. Security researchers have also identified various vulnerabilities in the software, including weak encryption and poor data storage practices.
One of the key revelations from the 2017 breach was that some FlexiSPY systems used weak default credentials (username: "test", password: "test").
This breach wasn’t an isolated incident: the spyware market in general has a long history of hacking incidents. Numerous companies in the spyware space, including FlexiSPY, have suffered repeated security breaches:
• Retina-X
• Mobistealth
• Spy Master Pro
• SpyHuman
• Spyfone
• Family Orbit
• mSpy
• Copy9
• Xnore
• TheTruthSpy
• KidsGuard
• Xnspy
• Support King
• LetMeSpy
• Spyhide
• WebDetective
• pcTattletale
Many of these companies have either gone out of business or face ongoing legal and security challenges due to repeated breaches. Given the frequency with which these companies are hacked, it's probably a smart idea not to use stalkerware if you want your data to remain secure.
Ethical Concerns
While FlexiSPY markets itself for legitimate uses like parental control and employee monitoring, the software has been linked to more malicious purposes.
Research has shown that spyware like FlexiSPY is frequently used by abusive partners for stalking and control.
In 2018, a UK police officer was sued for allegedly using FlexiSPY to illegally monitor his former partner.
The legality of using FlexiSPY is murky and depends on jurisdiction and context. In many cases, installing it on someone else's device without consent may violate wiretapping and computer fraud laws.
Here at iVerify, we have also found evidence on forums and networks that cybercriminals often share tutorials on FlexiSPY for cybercrime.
One example is a thread on a cybercrime forum that mentions interception capabilities.
FlexiSPY comes up frequently in discussions where cybercriminals look for spyware or stalkerware to use on victims.
Considering these factors, it's hard to ignore the tool's numerous potential uses for criminal activities. Additionally, it seems likely that the individuals behind its development are, to some degree, aware of these implications.