What information is sought in espionage?

Spy apps against (alleged) infidelities: When the bugged smartphone is given away


Apps are neither good nor bad, just tools. The use of espionage apps, which is becoming more popular, is, however, punishable in the vast majority of cases, explain Laura Lanwert and Nico Kuhlmann

There is currently a lot of discussion about "the Corona app". This should be an application for smartphones that should help during the corona pandemic to identify contact persons and thus potentially infected people and at least to warn them.

But even before Corona there were other apps that intercepted and passed on the movements recorded by the phone and other information and data. Such espionage apps are particularly popular with digitally savvy and jealous partners.

These spy apps are installed by the user on a third-party smartphone. This is done regularly without the knowledge and above all without the consent of the other person. Installation therefore requires regular access to the other smartphone - both physically on the device and digitally through knowledge of the password. Or the appropriately prepared and bugged smartphone is simply given away to the partner.

The camouflaged app

After installing the spy app, it runs unnoticed in the background. The app itself disguises itself, for example, as a theft app, which supposedly can be used to locate the smartphone if it is lost.

The spy app then accesses everything that is not blocked by the operating system in real time: GPS data, messages, photos and much more. Some spy apps should even be able to record phone calls and secretly activate the microphone and camera. This spied out and intercepted data is in turn sent unnoticed by the owner of the smartphone to the person who installed the app. What previously only secret agents could do is now available at relatively low cost from several dozen providers on the Internet.

The location data can also be collected, for example, and made available as a movement profile on corresponding maps of the surroundings. In addition, critical areas can be defined so that the software sounds an alarm if the smartphone moves away from or reaches this area. So anyone who suspects that their partner does not work overtime in the office in the evening, but is having fun outside, could be notified when they leave their place of work.

US poll: one in ten monitors their partner

A survey from the USA is said to have shown that one in ten of the US citizens surveyed has already used such espionage software to monitor a partner or ex-partner and to keep an eye on their movements and interactions.

But these spy apps are not only popular in the USA - these apps are also used in Germany. After a data leak in customer information from only one provider of such apps, it turned out that they had over 1000 paying customers in Germany alone. Incidentally, the majority of these customers were men. Among them are also said to have been lawyers, as Vice reported. Overall, Germany is probably the European champion when it comes to the use of espionage apps.

Spying on and intercepting data is a criminal offense

In Germany, the use of such a spy app without the knowledge and consent of the smartphone owner will regularly be a criminal offense. Depending on the scope of functions of the specific spy app, the violation of the confidentiality of the word according to Section 201 of the Criminal Code (StGB) as well as the violation of the highly personal area of ​​life by taking pictures according to Section 201a of the StGB may be considered. In addition, the basic functions at least fall under the spying and interception of data according to § 202a StGB and § 202b StGB. The penalties for these offenses include up to two or three years imprisonment.

According to the wording of the law, in accordance with Section 202a of the Criminal Code, anyone who without authorization gives himself or someone else access to data that is not intended for him and that is specially protected against unauthorized access by overcoming the access security will be punished. According to Section 202b of the Criminal Code, among other things, anyone who, without authorization, uses technical means to obtain data from non-public data transmission that is not intended for him or herself or someone else, makes himself liable to prosecution. According to § 202c StGB, preparatory acts for spying on and intercepting data are also punishable. So anyone who procures a corresponding espionage app alone is committing a criminal offense.

From the numbering it can already be seen that these norms were only later added to the StGB in order to close gaps in criminal liability. These gaps in criminal liability have opened up due to the increasing use of computers and smartphones and the associated technical possibilities. The good old protection of the confidentiality of letters according to § 202 StGB was no longer sufficient for this. The current form of criminal offenses in this regard also goes back to the Cybercrime Convention of the Council of Europe from 2001.

The district court (AG) Heilbronn, for example, in 2015, using the Youth Court Act (JGG), convicted a 20-year-old defendant for intercepting data because of the use of an espionage app (judgment of 09.12.2015, Az. 52 Ds 30 Js 21146/15 jug.). According to the court's findings, the defendant secretly installed a spy app on his girlfriend's smartphone without her knowledge and approval, which subsequently enabled him to access all the data generated when using the smartphone for a few months over the Internet and thereby - as intended - to monitor his girlfriend. In particular, it was possible for the defendant to read the contents of chats and short messages, to look at pictures and photos and also to determine the location of the cell phone.

Other areas of application: children and employees

A legitimate use of espionage apps by parents against their children is only conceivable to a limited extent. If parents install these apps on their children's smartphones in order to monitor the whereabouts of the child, they can be used legally in exercising their parental responsibility according to §§ 1626, 1631 BGB.

However, as the child ages, such a measure can become disproportionate with regard to his or her right to self-determination. In particular, parents must take into account the child's growing ability and need to act independently and responsibly. In addition, it becomes critical again at the latest when monitoring communication, as the child can communicate with a third person, whose messages would then also be monitored - which will often be punishable again.

Even with employees, there are hardly any legal areas of use conceivable. Even if, for example, an employee should have consented to the employer's express request for the work phone, the first legal question that arises is whether such consent was actually given voluntarily, taking into account the dependency of the employee. In addition, the consent may not be given in a lump-sum, but the actual scope and the time at which the monitoring will end must be specified. Otherwise the consent would be invalid.

What to do? Prevention, mindfulness and control

In order to avoid becoming a victim of such a spy app yourself, the usual security measures should first be observed. Above all, this includes providing the smartphone with adequate access protection. Unlocking the device and approving the installation of apps via face recognition or a fingerprint is probably the safest way. If passwords are used, they should be kept secret - in principle also from the partner. The use of wiping patterns offers some of the worst protection. These can easily be copied and are sometimes still visible on the screen after unlocking.

In addition, new apps appearing on the smartphone that were not installed by the user should be critically examined. Where does this app come from? Who installed the app? How do I know that the app is doing what it claims to be doing?

In addition, there is now corresponding security software that searches, among other things, for spy apps and can find them on a smartphone based on certain characteristics. Finally, there are also advice centers that can help if there is any suspicion of espionage apps.

A sense of wrongdoing is often a nil

The awareness of injustice does not seem to be particularly pronounced when using espionage apps - neither among the providers nor among the users. The caught users apparently see it as a peculiar offense and the providers often simply write in the general terms and conditions that the use may only take place with the consent of the other person. How realistic this is and how many such use cases there are remains open.

In any case, the potential for abuse of espionage apps and the associated invasion of privacy is enormous. Appropriate mindfulness is required.

The author Laura Lanwert is a trainee lawyer at the OLG Celle and is currently completing the legal position at Hogan Lovells Int. LLP in Hamburg.

The author Nico Kuhlmann is a lawyer at Hogan Lovells Int. LLP in Hamburg in the field of Intellectual Property, Media & Technology.