1. Symantec/
  2. Security Response/
  3. Android.Pdaspy


November 16, 2011 12:07:49 PM
Phone monitoring PRO+, GPS Spy Phone Tracking PRO+
3.1, 7.1
Sherlock Mobile App
Risk Impact:
Systems Affected:
Android package file
The application arrives as one of the following application packages:

Free version:
APK: com.androidapp.pdaspy.apk
Version: 3.1
Publisher: Sherlock Mobile App
Marketplace name: Phone monitoring PRO+

Paid version:
APK: com.androidapp.conflite.apk
Version: 7.1
Publisher: Sherlock Mobile App
Marketplace name: GPS Spy Phone Tracking PRO+

The application must be manually installed.

Once installed, the application will display an icon depicting a cog wheel with the name "Conf Lite".

An attacker must have access to the device to log into the application and configure it. After this, the application will no longer appear in the standard Applications menu. However, it will still appear in the Settings > Applications > Manage Applications menu.

When the application is being installed, it requests permissions to perform the following actions:

  • Open network connections.
  • Check the phone's current state.
  • Read contact data.
  • Read SMS messages on the device.
  • Access location information, such as GPS, Cell-ID or WiFi.
  • Start once the device has finished booting.
  • Prevent processor from sleeping or screen from dimming.

System monitoring
The application will then periodically upload the following information to a predetermined website:
  • Call history
  • Text messages
  • GPS coordinates

An attacker can later log into the website and access the gathered information.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube