F-Secure blocks spying app for Windows and Android

F-Secure is blocking a sophisticated mobile phone spying application, despite being ambivalent about the creator's motives.

Phone Creeper is a Windows Mobile application that lets an outside user access a mobile phone's calls, SMS logs, contacts, calendar information and GPS data that tracks location. The developer has said that an Android version will be released shortly.

"This is a phone espionage suite. It can be silently installed by just inserting an SD card with the files below on it," said Phone Creeper creator Chet Striker from XDA-Developers in the latest update.

However, in an Ethical Statement, Striker said that he created the code to show what was possible with the handset, and because it was fun to develop something unique.

He said that he will work with other XDA developers to find a solution to blocking the flaws and will release it as open source code.

F-Secure said that it is blocking the application with its mobile security software because of its functionality, but does not believe that Striker's motives are in question.

"Striker doesn't seem like a bad guy in our book, but a silently installing espionage suite should be detected by a security suite. The author's motives aren't as important as what the tool actually does," said Sean Sullivan, security advisor at F-Secure, in a blog post.

The move highlights the continuing problems between security researchers and software firms over responsible disclosure of flaws.

While most responsible researchers tell companies about flaws, many complain about the speed, or lack thereof, with which the security holes are fixed.

Microsoft's recent Coordinated Vulnerability Disclosure system has sought to lure more developers but still has a way to go it seems.