Frequently Asked Questions - SpyGuard/SpyGuard GitHub Wiki
1. SpyGuard hasn't detected anything malicious. Am I safe?
No. SpyGuard intercepts network flows from the analysed device and tries to find anything abnormal in them. Therefore, SpyGuard can only detect live, communicating implants on infected devices. Some implants can easily avoid being intercepted or hide their malicious communications in legitimate network flows. Moreover, your cloud accounts may have been compromised instead of your smartphone, and SpyGuard cannot check those for you.
If you really think that your device is, or has been, compromised, do not hesitate to check it with other open source projects such as MVT from Amnesty or AndroidQF. SpyGuard focuses on analyzing data that is sent across the network, while MVT and AndroidQF concentrate on examining the applications and logs of the device being analyzed.
2. I'm worried that SpyGuard steals my device communications.
We take privacy very seriously; therefore, SpyGuard does not send any data derived from your use to a remote server. At the start of a new interception session, files from the previous one are deleted. Moreover, as data are stored in /tmp/, they are erased with every reboot of the device.
3. Is SpyGuard used exclusively for testing smartphones for spyware?
No. It can also be used to check laptops, or in a lab to pentest IoT devices. Several users already use it solely as a laboratory interception station, just to generate network captures. For example, SpyGuard has been used by its developer to easily get the update servers of several kinds of IoT devices and to look at data transmitted by alarm systems.
4. Can it be used to capture Ethernet communications?
Not today, but we are looking to do that (as a bridge) in the next versions. The goal is to be able to connect it to other kinds of devices, such as a lab LTE/5G network or enterprise devices such as printers or computers.
5. Can I have a fully standalone setup, without two WiFi interfaces?
Yes, you can buy a tablet that can run Linux (not an Android tablet) with LTE/5G capabilities in order to run it everywhere (approx. $350). Beware, you need good knowledge of Linux to do such an installation.