Category :


Type :


Platform :


Aliases :

SpyBubble, SpyBubble.A


Monitoring-Tool:Android/SpyBubble.A is a commercially available tracking tool.


Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Monitoring-Tool:Android/SpyBubble.A monitors incoming and outgoing phone calls and SMS messages, as well as the contact information of other parties.

It can also monitor added photos, visited URLs, and the GPS location of the phone. All this information may be uploaded to a remote server.


Upon installation, the application waits for the next reboot of the device to activate all of its components.

On reboot, it prompts the user with the terms and conditions, as well requesting the license key for the product, before it actually starts all the monitoring components.

click for a larger view

click for a larger view

If the installation is successful, the program does not display an icon in the phone's application menu. Users may detect its presence by checking the "Manage applications" menu under Settings for the application name radio.


Once active, the monitoring components will silently run in the background as services.

click for a larger view

click for a larger view

The program uses the following permissions to perform these activities:

click for a larger view

The application gathers a lot of information from the phone, as well as about the user's activities:

  • Call and SMS tracking:
    • IMEI for GSM and the MEID or ESN for CDMA phones
    • IMSI for a GSM phone
    • MSISDN for a GSM phone or the telephone number of the SIM card
    • Telephone number of the other party
    • Name/Number/Email of the other party if it exists on the phonebook
    • Duration of the call
    • Type of call (incoming, outgoing, or missed)
    • Sent and received message
  • Browsing tracking:
    • Url of the visited websites
  • Location tracking:
    • GPS location of the phone (the method used may incur charges)
  • Pictures:
    • Photos taken and the date it was added

All the gathered information may be sent at interval to a remote server (http://[...][...]) using a HTTP post operation without the users knowledge.

The information may also be accessed by the party that installed the app on the phone (if it was not installed by the primary user).

While apps with such behavior may be legitimately used by the device's authorized user, they are classified by security programs as riskware because in the hands of unauthorized users, they can also be used to cause damage to the user's data or the device.

If you are confident that you are aware of the risks involved in using the program and consent to its use, you may choose to keep it installed on your device.