Recently there have been several reports of security flaws in a product provided by a company called Mobile Spy. The product is an application for Windows Mobile smartphones. The application logs various forms of communication data transmitted to and from the phone and sends it to a hosted database. A user can log in to the web service and view all the data that has been logged.
The idea behind this product is that it’s installed on a device without the knowledge of that device’s user (for example, an employee, child, spouse, etc.). The party who installed it can then monitor the user’s activity to ensure that the device is not being abused. A company manager, for example, can make sure that an employee is not making personal calls or sending personal text messages from a company device.
For the most part, this seems like a reasonable idea, but the security flaws in both the...
