The belief of the connection between the suspiciously quickly consumed charge of the battery on the phone and conducting surveillance of the device is widespread. We decided to check how justified such a fear.

That the high energy consumption of the gadget May be a sign of surveillance, Various sources write for more 15 le. Sharply increased battery consumption called Among the main indicators of the possible wiretapping authors are both specialized and not directly related to cybersecurity sites. How to recognize surveillance if the smartphone suddenly began to discharge quickly, they regularly tell Media And glossy magazines.

The rapid discharge of the battery can be associated with a number of reasons that are not related to surveillance. The first and main of them is the wear of the battery. Lithium-ion batteries used in modern smartphones, calculated To the final number, the recruitment is the closer to the exhaustion of this resource, the shorter the autonomous work session will be. According to experts, if the owner charges the smartphone once a day, the productivity of the gadget will significantly decrease after the third year of active use.

Secondly, the autonomy of the device can be reduced by time due to resource-intensive applications open in the background. To those Relate Many popular social networks and services: Facebook, Instagram, Tiktok, YouTube, Snapchat, Uber, Google Maps and others. Some smartphone manufacturers Recommend Those who want to extend the life of the battery, use the energy conservation mode and limit the operation of applications in the background (although for the owners of the latest models the problem is not so acute).

Thirdly, the frequency of use of the resource-intensive elements of the device: screen, camera, microphone, Wi-Fi, GPS modules and mobile data transfers affects the capacity of the battery.

An example of the charge consumption by applications in ten days. The most actively owner of the device used Telegram, but most of all the energy was spent on Facebook

Surveying programs can be divided into two main groups: to the first (Stalkerware) Relate relatively legal and declaring the main function, for example, parental control, to the second (Spyware) - illegal and really spy. An ordinary user is much more likely to encounter Stalkerware, especially since interest in such programs has grown significantly in recent years, reports testify Avast And "Kaspersky laboratories". By data Nortonlifelock, in 2022, legal surveillance programs were installed for about every 13th device operating on Android. Often, this is established by parents trying to control their children, or people who are not confident in the reliability of their partner or spouse.

Experts Markthat such legal programs can be relatively energy -consuming, however, this depends primarily on the actions of the following. If it fixes, for example, only information about calls and sent messages, then the behavior of the smartphone will hardly change. On the contrary, obtaining access to the camera or microphone will probably lead to heating and, as a result, accelerated discharge of the device.

One of the popular examples of Stalkerware is service MSPY. Spent in 2023 testing This application showed that the devices that were followed by it were monitored in the usual mode (that is, some data was transmitted once every few hours) did not begin to discharge faster because of this. However, if a person who remotely controlled the smartphone included additional functions (for example, the GPS module used to monitor geolocation, a microphone for the wire of the calls and Wi-Fi to transmit these data every five minutes), energy consumption grew 6-10% of the usual.

About the same way, the Battery level is affected by the stalker program Flexispy. Its developers are straight warn: With the basic scenario of use, this application consumes an almost invisible fraction of the charge, but when the device is controlled in real time, it increases significantly. However, this restriction of the following can bypass - some programs allow you to configure surveillance so that “difficult” data will be transmitted only when typing certain words on the keyboard at night or when the phone is recharging.

More complex, illegal and truly spy programs (Spyware)-for example, PEGASUS From NGO Group - work according to the same principles. The main differences from Stalkerware when using two:

To install most legal programs, physical access to the device is required. If the owner does not leave an unlocked smartphone unattended, it is extremely difficult to infect it. The installation of spy software, on the contrary, can occur through an unprotected Wi-Fi network, a website interface, an infected link or vulnerability in the operating system-the owner of the device will probably not even notice the appearance of a malicious program on it;
Stalker services leave a relatively easily noticeable mark on the smartphone: even if the application icon is hidden and it works in basic mode, it is easy to find in the list of all running services through the settings menu. And although often such programs Masive For service (for example, a calculator or an update service), the user can at least check what kind of suspicious software is installed on its device and what data the service gained access. The same Pegasus is arranged more sophisticated - it works In the RAM of devices on iOS and leaves no visible traces in the system, so the ordinary user cannot independently detect surveillance.

As a rule, complex spy programs, which only special services and other state departments usually have access to concrete purposes. Last but not least, this is due to the high cost of such software - the remote installation of Pegasus on one device It can cost Tens of thousands of euros. Under these conditions, the use of such programs is justified if surveillance needs to be installed on suspects in serious crimes or terrorists, but some governments also infect the phones of politicians, journalists, activists or businessmen.

Given that access to Pegasus and its analogues is significantly limited financially and institutional, observing infected gadgets with the help of such applications involves a certain training. Representatives of the special services or other people engaged in this work are well aware of how to monitor surveillance, so as not to give themselves out (for example, a sharply increased battery consumption). Sometimes they make mistakes, which, however, do not necessarily lead to disclosure. So, Pegasus on the phone of the Medusa publisher Galina Timchenko was discovered at the end of June 2023, and the analysis of experts showed that the program was installed four months earlier. The media manager itself I rememberedThat just then, in February, her smartphone began to bask stronger than usual, but she wrote off this on the features of a newly purchased new charger. On the other hand, it was impossible to independently confirm that it was spy software that led to more active use of the battery. IN several affordable reports The infection of smartphones, journalists and activists using PEGASUS The increased battery consumption is not mentioned as a method of detection.

Pegasus: infection schemes and access to the contents of the device. Source: iPhoneblog.de

It is noteworthy that the possibility of detecting a legal or illegal espionage program is somehow limited to the battery capacity. For example, the MSPY program installed without the user's knowledge on the iPhone 7 (1960 mAh), when using maximum functions, can reduce the time in the characteristics of the gadget on the network from 12-14 hours to 10, and will also affect the performance of the smartphone and its temperature. But already on the iPhone X (2716 mAh) this will not be so noticeable, not to mention subsequent models. The same applies to smartphones on Android and other operating systems. Even in inexpensive models, you can now find a battery for 5000 mAh or more. With such a battery, if the hacker does not follow the user in real time, the owner of the device simply does not notice the share of energy consumption that falls on the spy program.

In other words, the battery with a large capacity makes a convenient life of both the user and the hacker. Independently, the phone began to discharge faster than the usual because of problems with the battery, the work of background applications or surveillance, is quite difficult, but there is a more reliable sign that the correct option is the third. According to the “Information Security Consultant”, the Technical Director of the Foundation 19/29 Alexey ShlyapuzhnikovSpy programs for smartphones are able to disconnect the camera indicators and the use of GPS, disguise themselves as system processes, but all of them must fulfill their main function - transmit the user data to the attacker. Therefore, the main sign of the work of the spy application is a sharp increase in traffic. If suspicions, the user should look for an application that transmits an abnormally large amount of data, and with such a task, according to the expert, you can cope without special knowledge.

It should be borne in mind that Popular Illegal surveillance programs strive to reduce not only energy consumption, but also the use of traffic. The hatchors confirms: if the hacker is mostly interested in text messages and presses on the keyboard, and not photographs, video or access to the microphone and the device camera, a change in the volume of transferred data and the battery consumption will be insignificant.

Thus, if the smartphone began to discharge quickly, this does not necessarily mean that it was installed on it for surveillance. First of all, the user should check the degree of battery wear and the list of applications used in the background. On the other hand, modern programs for surveillance (both publicly available and used by special services) with proper tuning are quite economical, and even the batteries of even inexpensive smartphones are so powerful that the reasonably-minded work of the spy application is unlikely to affect the battery. The monitoring (especially the layman) can issue himself by overloading the infected device with the tasks of transmitting information, but the probability of this is inversely proportional to seriousness and the high cost of hacker software.

Photo on the cover: Christoph Scholz via Flickr