So exactly how do you build spyware into your apps?



Developers have to answer a lot of questions when building apps but one question that doesn’t have a clear answer is how do you build spyware or backdoors into your apps?

It may seem like a silly question but I think someone has to ask it.

Let’s say I’m building yet another self-destructing, highly-encrypted messaging application for mobile devices. We’re still a month or so away from our grand public debut so we’re operating in stealth mode. Now let’s say we release the application and it becomes an overnight success, particularly among government officials in foreign countries. Then three months down the road the NSA (or the FBI or whoever) shows up at our offices and says ‘we need to be able to access to all those messages in real time.’ What do we do now? Do we try to deploy a patch somehow that gives the NSA full access? Do we release a whole new version? And what if we just licensed the encryption algorithm from someone else and don’t actually know how it works or how to crack it, do we tell the NSA to ask them for the keys or are we responsible?

Related: Why on earth would anyone download that?

We weren’t even thinking about making changes like that when we were developing the app (we were more worried about screen resolutions and interface design at the time).

So how do you prepare your apps so that they can easily be transformed into spyware? What sorts of backdoors does the NSA prefer? Is there sample code or APIs available from the NSA? Do we have to wait until after we deploy our apps to find out if the NSA even wants to hack whatever information we might gather? Are there any guidelines for this sort of stuff?

The NSA’s website is pretty vague about all this but in the FAQ section it recommends that companies wishing to work with the NSA, “first register with the NSA Acquisition Resource Center (ARC) at www.nsaarc.net [I've purposely removed the hyperlink] to highlight your company's capabilities and identify points of contact.” Ironically when you click on the link it takes you to a site where Chrome doesn’t recognize the certification and gives you a warning that someone may be trying to hack your computer…how odd.

If you aren’t a giant company like Google or Microsoft or Facebook you may be flying just under the NSA radar until after your app hits the market and then going back to try and retrofit your app with whatever spyware they might want could be expensive. Does the NSA reimburse you for those expenses?

Related: Stripped down version of MS Word is top iOS free app

But perhaps this is all moot. Perhaps the NSA doesn’t need a backdoor built into every messaging app. Perhaps they already have the necessary technology in place to intercept and decrypt every message sent by anyone around the world. Perhaps we’ll never hear that knock on the door.

But it sure would be nice to know ahead of time what the NSA might want us to do with our apps before we deploy them.

I propose the creation of a spyware clearing house website for developers who want to build in compliance with spy agencies, governments, courts and police requirements. It should have a news section, lots of sample code, a blog section, a place where you can post questions to other developers (or the spy agencies themselves) and of course it would need a download section where you can get code snippets in multiple languages and an assortment of APIs (clearly documented, please). And this needs to be an international effort because the Chinese government might want the data in XML but the NSA might prefer simple ASCII text.

Perhaps ISO should take up this matter and start defining some international spyware standards.



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for more years then he cares to admit. He has lost count of the number of articles, blogs, reviews, rants and books that he has published over the years, but he hasn’t stopped learning and writing about new things.


More

4 essential things to know about being an entrepreneur in your 20s!

You can do it if you put your mind to it but you can't do it alone.

The NVIDIA Shield Console: The Future of Gaming on Your TV

What we are witnessing is the changing of the future.

Sony PlayStation 4 Sells Over Twenty Million Units

Xbox is doing well as well