Those developers at Retina-X are at it again. Retina-X was one of the first commercial spyware developers to venture into the Android platform back in 2009 by porting over their Mobile Spy application to Android. Mobile Spy offers an individual the opportunity to monitor communications and GPS location data of a Smartphone device. This technology is nothing new and even has a viable use case; when developed and used ethically.

There is certainly a legal and ethical case to be made for employers to monitor this type of communication or location data when an employee is using a company provided device. Parents and/or guardians also have the legal right, some would consider it a parental duty, to be aware of what their children are talking about or sending to their friends. The sexting statistics that we’ve discussed at length don’t lie.

The problem that Retina-X and Mobile Spy runs into with mobile anti-virus vendors is that their applications actively hide themselves from the user that is being monitored. It opens up the possibility for someone to purchase or download their app and install it on an unsuspecting user’s device so the attacker can illegally monitor their actions. We’ve seen more stories of this type of software being used to spy on someone or as a tool to aid in illegally stalking a victim than we can count.

In the spring of 2010, Retina-X took their Android release of Mobile Spy a step further and ventured into the Android Market by offering the “Smartphone for Android” applications. These applications enabled much of the same functionality as the original Mobile Spy as well as hiding itself from detection. The only major difference was that the name was changed to seem less harmful. They prettied it up to attempt to get past Google’s sensors (yes, some apps do get banned).

Versions of the “Smartphone for Android” application were released for Android 1.5, 1.6 and 2.x, however, the applications were pulled from the Market at some point. It is unclear when they were pulled or for what reason. Whether the developer pulled them or if Google wielded their “ban hammer” and chucked them out is unknown. Regardless, they are no longer available.

This week, while cruising through the Market, we came across 3 more additions from Retina-X into the Market: “Mobile Nanny”. Just like its predecessor, “Smartphone for Android”, ‘Mobile Nanny” has versions for Android 1.5, 1.6, and 2.1. However, the “Mobile Nanny” description in the Market attempts to obfuscate its origin a bit by no longer using web portals for monitoring data that actually state “mobile-spy” in them. A small amount of investigation reveals that the developer, “Mobile Nanny”, is actually Retina-X and Mobile Spy.

By all accounts, “Mobile Nanny” appears to be a fully functional parental control application like many in the Market. ”Mobile Nanny” offers the ability for a parent or employer to monitor SMS messages, GPS location, and call logs on the device. ”Mobile Nanny” goes further to also offer SMS/Call blocking, time usage restrictions, remote locking and tracking, can block applications from being installed, block web access, or block certain phone capabilities. All of this functionality is remotely configurable and monitored data can be viewed online via the “Mobile Nanny” web portal.

All of this is great. The only problem is that Retina-X continues to hide their application. ”Mobile Nanny” does not offer an application icon in the application drawer. Retina-X and a lot of advocates for this type of software would argue that in order for it to be effective, it needs to be hidden so the child or employee doesn’t delete it from the device. This may be a discussion worth having, but it also offers the ability for someone to use this software to illegally monitor the activities of an unsuspecting user. As such, anti-virus vendors should, and will, continue to label this as spyware to ensure that consumers are able to make the decision of whether it should be installed on the handset or not. If their is a legal right for someone to monitor another’s device, then the user can make the decision to allow it to remain on the handset. However, we want to make sure that unsuspecting users, or victims, are equally aware of its use on their device so they can take the proper actions.

Junos Pulse Mobile Security Suite users will be automatically alerted to the existence of “Mobile Nanny” on their handsets. The Pulse MSS Anti-Spyware engine will detect the installed applications and the on-demand SD card scanning capability will allow the user to be alerted if the application’s installation package exists on their SD card by updating the virus signature database to ensure signatures dated 11/5/2010 have been added to the protection capabilities.