Summary of Parts 1 and 2
Mobile-spy has some undeniable value in certain cases, but the software is by definition spyware. Unfortunately, as we have shown, there is little intrinsic security built into the software, which means it is trivial for an attacker to download the program an turn it into their own custom malicious spyware. In addition, thanks to several serious backend security problems, any customer of the software had better think twice before accepting the web-based log output as a reliable source of information.
Regardless of Mobile-spy's lack of security, this program does emphasize just how easy it can be to build a very powerful backdoor for Windows Mobile devices. Thanks to the many useful features and functions contained in the .NET Compact Framework, a programmer can access most any component of a Windows Mobile device — be it the camera, phone features, voice recorder, program properties, registry settings and much more. Perhaps Mobile-spy represents the future of malware on Windows Mobile devices.