Mdane edited this page Dec 29, 2021 · 2 revisions

For educational use only: to better understand how applications like Pegasus spyware function within the Android ecosystem.

This was first started around 2014 for a specific use case and underwent several releases for the client. This release was the second or third beta version. I haven't tried to build it in modern Android Studio, but the debug APK seemed to work on Android 11 devices. I removed the debug APK (sorry).

Issues

I long ago lost the documentation for this application, so anyone researching Android spyware will have to piece together how this ran. The functions that record audio or video need a singleton implementation, missing in this release, to prevent clashing in the write operation. Otherwise, they will cause a race condition, and the newer write-to-file trigger will cause the current recording instance to die. Job Scheduler: if I recall, this application was very hard to kill. This release is also missing the pattern to ensure only one instance is running as a service.

Error Handling

This application utilized robust custom error handling for the camera to prevent the user from becoming aware that their camera was in use. I can't remember if this release has that feature implemented and working, or if this was an earlier beta version.

Uses

I have several repos related to this app here on GitHub that were basically proof-of-concept demonstrations to win this contract. This was an actual release. In the final release it had grown into a fully featured, robust framework for using an Android phone as a remote sensing apparatus. One demonstration was accidentally leaving my phone behind in a code review to use the bathroom, then returning to play back what everyone was talking about while I wasn't there.

I could set up the sensor triggers to know when someone was on my front porch, when the mailman had touched my mailbox, when a new Bluetooth phone came into range, and a variety of other useful features.

The final release featured the ability to mimic a system app by manufacturer; for example, on LG phones the app would display a notification that LG VirusRemoval was running, etc. The client was interested in targeting, via social engineering, name-brand Chinese manufacturers that were not common in the West. In a handful of cases, it could write to root and be there forever. The final release also featured a handful of fake apps, such as games and photo filter apps, that would run this framework silently while pretending to be harmless, along with a geolocation trigger policy to spy on users based on location. The final release was in 2016 or 2017.

Thoughts

After demonstrating this app's capabilities to several engineer friends, several bought iOS devices. It was a very powerful tool, with a long development cycle for a well-paying client. Released here in its imperfect, neutered form for security researchers to explore.
