There is a widespread belief that there is a connection between suspiciously fast battery drain on your phone and surveillance of your device. We decided to check whether this fear is justified.

About the high energy consumption of the gadget May be a sign of surveillance various sources have been writing for over 15 let. Sharply increased battery consumption called in number the main indicators of possible wiretapping by authors both specialized and not directly related to cybersecurity sites. People regularly talk about how to recognize surveillance if your smartphone suddenly starts to run out of battery quickly. Media And glossy magazines.

Rapid battery drain can be due to a number of reasons that have nothing to do with surveillance. The first and main one is battery wear. Lithium-ion batteries used in modern smartphones calculated for a finite number of recharges - the closer the battery is to exhausting this resource, the shorter each battery session will be. According to experts, if the owner charges the smartphone once a day, the performance of the gadget will noticeably decrease after the third year of active use.

Secondly, the battery life of the device may be reduced in time due to resource-intensive applications open in the background. To those include many popular social networks and services: Facebook, Instagram, TikTok, Youtube, Snapchat, Uber, Google Maps, etc. Some smartphone manufacturers recommend those who want to extend battery life, use power saving mode and limit the running of applications in the background (although for owners of the latest models the problem is not so acute).

Thirdly, in a similar way, the battery capacity is affected by the frequency of use of resource-intensive elements of the device: screen, camera, microphone, Wi-Fi modules, GPS and cellular data transmission.

An example of battery consumption by applications over ten days. The device owner used Telegram most actively, but the most energy was spent on Facebook

Surveillance programs can be divided into two main groups: the first (stalkerware) are relatively legal and declaring the main function, for example, parental control, to the second (spyware) - illegal and truly spyware. The average user is much more likely to encounter stalkerware, especially since interest in such programs has grown noticeably in recent years, reports show Avast And "Kaspersky Lab" By data NortonLifeLock, in 2022, legal surveillance software was installed on approximately one in 13 Android devices. Often, such software is installed by parents who are trying to control their children, or by people who are not confident in the reliability of their partner or spouse.

Experts notethat such legal programs can be relatively energy-intensive, however, this depends primarily on the actions of the tracker. If it records, for example, only information about calls and sent messages, then the behavior of the smartphone will hardly change. On the contrary, gaining access to the camera or microphone will likely cause the device to heat up and therefore drain faster.

One of the popular examples of stalkerware is the service mSPY. Conducted in 2023 testing This application showed that devices that were monitored with its help as usual (that is, they transferred some data every few hours) did not begin to discharge faster because of this. However, if the person remotely controlling the smartphone turned on additional functions (for example, using a GPS module to track geolocation, a microphone to listen to calls, and Wi-Fi to transmit this data every five minutes), energy consumption increased by 6-10% of normal.

The stalker program FlexiSpy affects the battery level in much the same way. Its developers are directly warn: In basic usage, this app uses an almost imperceptible amount of battery, but when monitoring the device in real time, it increases significantly. However, the spy can also bypass this limitation - some programs allow you to configure surveillance so that “heavy” data will be transmitted only when you type certain words on the keyboard, at night, or when the phone is charging.

More complex, illegal and truly spyware - for example, Pegasus from the NGO Group company - work on the same principles. There are two main differences from stalkerware when using them:

Most legal programs require physical access to the device to install. If the owner does not leave an unlocked smartphone unattended, it is extremely difficult to infect it. Spyware installation, on the other hand, can happen through an unsecured Wi-Fi network, a website interface, an infected link, or a vulnerability in the operating system—the owner of the device probably won’t even notice that the malware is on it;
stalker services leave a relatively easily noticeable mark on a smartphone: even if the application icon is hidden and it works in basic mode, it is easy to find it in the list of all running services through the settings menu. And although often such programs camouflage for service ones (for example, a calculator or an update service), the user can at least check what kind of suspicious software is installed on his device and what data the service has accessed. The same Pegasus is designed more sophisticatedly - it works in the RAM of iOS devices and does not leave visible traces in the system, so the average user cannot detect surveillance on their own.

Typically, sophisticated spyware, which is usually only accessible to intelligence agencies and other government agencies, is used against specific targets. This is not least due to the high cost of such software - remote installation of Pegasus on one device may cost tens of thousands of euros. In these circumstances, the use of such programs is justified if surveillance is needed on suspects of serious crimes or terrorists, but some governments also infect the phones of politicians, journalists, activists or businessmen.

Considering that access to Pegasus and its analogues is significantly limited financially and institutionally, monitoring infected gadgets using such applications requires some preparation. Representatives of intelligence agencies or other people engaged in this work are well aware of how to conduct surveillance so as not to give themselves away (for example, by sharply increasing battery consumption). Sometimes they make mistakes, which, however, do not necessarily lead to discovery. Thus, Pegasus was discovered on the phone of Meduza publisher Galina Timchenko at the end of June 2023, and expert analysis showed that the program was installed four months earlier. The media manager herself I rememberedthat just then, in February, her smartphone began to heat up more than usual, but she attributed this to the features of the recently purchased new charger. On the other hand, it is now impossible to independently confirm that it was spyware that led to increased battery usage. IN several available reports about the infection of smartphones of politicians, journalists and activists with Pegasus, increased battery consumption is not mentioned as a method of detection.

Pegasus: infection patterns and access to device contents. Source: iphoneblog.de

It is noteworthy that the ability to detect legal or illegal spyware is somewhat limited by battery capacity. For example, the mSpy program, installed without the user’s knowledge on an iPhone 7 (1960 mAh), when using maximum functions, can reduce the operating time on the Internet stated in the gadget’s characteristics from 12-14 hours to 10, and will also affect the performance of the smartphone and its temperature. But already on the iPhone X (2716 mAh) this will not be so noticeable, not to mention subsequent models. The same applies to smartphones on Android and other operating systems. Even in inexpensive models you can now find a battery of 5000 mAh or more. With such a battery, unless a hacker is monitoring the user in real time, the device owner will simply not notice the share of power consumption that is due to spyware.

In other words, a battery with a large capacity makes life convenient for both the user and the hacker. It’s quite difficult to figure out on your own whether your phone has started to discharge faster than usual due to problems with the battery, background applications or surveillance, but there is a more reliable sign that the third option is the correct one. As an information security consultant, technical director of the 19/29 fund told Verified Alexey Shlyapuzhnikov, spyware for smartphones can disable camera and GPS indicators and masquerade as system processes, but all of them must perform their main function - transfer user data to the attacker. Therefore, the main sign of a spy application is a sharp increase in traffic. If suspicions arise, the user should look for an application that transmits an abnormally large amount of data, and, according to the expert, such a task can be dealt with without special knowledge.

It should be taken into account that popular illegal surveillance programs seek to reduce not only energy consumption, but also traffic usage. Shlyapuzhnikov confirms: if a hacker is mainly interested in text messages and keystrokes, and not in photos, videos or access to the microphone and camera of the device, the change in the amount of data transferred and battery consumption will be insignificant.

Thus, if a smartphone begins to discharge quickly, this does not necessarily mean that a spying program has been installed on it. First of all, the user should check the level of battery wear and the list of applications used in the background. On the other hand, modern surveillance programs (both publicly available and those used by intelligence agencies) are quite economical when configured correctly, and the batteries of even inexpensive smartphones are so powerful that intelligently configured operation of a spy application is unlikely to have any noticeable impact on the battery. A snooper (especially an unprofessional one) can give himself away by overloading an infected device with information transfer tasks, but the likelihood of this is inversely proportional to the severity and cost of the hacker software.

Cover photo: Christoph Scholz via Flickr