Is WebWatcher A Scam?
In our ongoing scam report series, where we test competing spy phone software to see if they can do all that they advertise, we have decided to turn our focus to WebWatcher for Android.
WebWatcher is one of the oldest spy phone software companies around, but despite that, they only offer a handful of features for their Android version. This limitation is due to WebWatcher being unable to operate on un-rooted Android phones; However, many of these features leave a lot to be desired–Whatsapp capturing being just one example. So, while they are not a scam, some may feel that that the actual capabilities of the software does not match expectations.
Read on for more information.
WebWatcher for Android Full Review
This report is split into six sections, and in each one, we investigate one aspect of WebWatcher.
Here’s what we investigate:
1. The software claims
We examine if what they advertise on their website is really what the software can do.
2. The website
We look for any discrepancies in the accuracy of their advertised information.
3. The company
We see whether or not this company is behind any scams.
4. The software they send
We look into the functionality of the software, examining if it delivers on the features or claims outlined in the first section of this report.
5. Is WebWatcher a scam?
We collate all our evidence, cross-referencing it with any other scam software information that we have.
6. Protecting yourself from scams
Finally, we explain how you can use genuine software like FlexiSPY for monitoring a device. (as a bonus we show you how to save money on your FlexiSPY purchase in the process.)
Investigating the software claims
According to the WebWatcher website, their Android software has the following features:
For those who don’t want to read the entire document you can see below whether or not the advertised features worked or not.
Looking at the results below, while WebWatcher does deliver on the majority of what the website offers there are a few things that do not operate as advertised–or only work under certain conditions.
For example, their URL capturing feature is exclusive to Google Chrome, which is a web browser that not everyone uses for surfing the web on their phone.
Furthermore, WebWatcher heavily advertises itself as being completely undetectable once installed. But, during our tests, we found out that this is simply not true, and that there are many ways that someone can spot WebWatcher and remove it.
If you’re curious about which features passed our test, see the chart below:
|Feature||Does it Work?|
|Capture Running Apps||PASSED|
Running apps were captured and uploaded.
|Capture Call Logs||PASSED|
Call log data was captured and uploaded
|Capture Device Location||PASSED|
The device location was captured and uploaded.
|Capture Device Photos||FAILED|
Images taken using the camera were not captured.
|Capture Device SMS Messages||PASSED|
SMS messages were captured.
|Capture URL’s visited||PARTIAL|
Only captures URL’s visited using Chrome
|Capture Browser Search Terms||PARTIAL|
Only captures pages searched for using Chrome
|Capture Instagram Photos||PASSED|
Captures and uploads pictures taken using device camera and uploaded to Instagram
|Capture Whatsapp messages without root||PASSED|
Captures and uploads the TARGET device messages sent via Whatsapp
Undetected by Antivirus; Installs as administrator; installs as non-descript name listed in Application Manager
Investigating the website
At first glance, the WebWatcher website looks more reputable than many other spy phone software vendors.
However, if you do a bit more reading on their Android section, things get interesting.
Having a glance at the features table above, and comparing with competitors like FlexiSPY and Mspy, WebWatcher’s feature list is exposed as lackluster at best.
Furthermore, some of the features advertised are misleading. For example, according to the WebWatcher website, Whatsapp messages are only captured if you purchase an optional WebWatcher component. But, the WebWatcher portal doesn’t match that information as we will show you later.
Investigating the software received after purchase
After we purchased WebWatcher, we learned that there are two ways to install their software onto a compatible Android device.
The first way is to follow the steps in the email you receive.
The second way is to get installation instructions from inside the online portal.
However, using the online portal to install is unnecessarily complicated. For example, there is no expected setup wizard, and installation instructions are tucked away inside the Settings menu under an option called Downloads. And this was not even the worst of our installation problems.
During our testing, our team ending up having to reach out to WebWatcher support several times when we wanted to reinstall the software. There is no obvious way for a user to reinstall the software themselves using the same license code without getting help from WebWatcher support. Their process is to deactivate the license for you, which is impractical.
For one, many people may be under time constraints and don’t have the opportunity to contact support to get their license deactivated. Secondly, should there truly be a need to make support part of this process? After all, companies like Mspy and FlexiSPY allow customers to reinstall the software without customer support intervention.
WebWatcher advertises itself as not requiring root and, in ways this makes the software so much easier to install, but, this also means that it offers limited features and an easy way to remove the software if you know where to look.
Installing WebWatcher actually can take some time, even though rooting is not required, this is due to the design of the Webwatcher installation method. The installation process has five parts, which are all explained below.
Part 1 – Install a pre-installer (called ATI Client)
Upon downloading WebWatcher, it installs a pre-installer that then downloads the main application when opened. You have to log in to your WebWatcher online portal from inside this application to start the download process.
Part 2- Download the main application
Once the main application is downloaded, it is then installed.
The application is installed as com.android.providers.internal.security and is visible in Application Manager.
Part 3 – Set application permissions
After it’s installed, you must grant it usage permissions so that it can start monitoring.
The application also has to be granted accessibility permissions.
Part 4 – Install application as an Administrator
The software then installs itself as an Administrator to stop it from being easily removed from Application Manager.
Part 5 – Remove the original preinstaller
After installation of the main application, the preinstaller (ATI Client) is then removed.
The average time to do all this, in our tests, can range from 15 minutes to 30 minutes or more. The installation process is so lengthy because part 3, where you set application permissions, is not a typical installation method.
There is no need for these steps when installing either Mspy or FlexiSPY on a rooted or unrooted device so even though WebWatcher tries to help you as best it can there is quite a lot of user involvement needed.
So, if you thought that installing the software on to non-rooted device would be quicker than rooted, then, unfortunately, WebWatcher may prove you wrong.
All in all, once that has been done the application starts capturing data automatically, and uploads it to the online portal.
Inside the online portal you get the following data captured:
- Installed applications
- Call logs
- GPS location
- SMS messages
- Websites visited
- Website searches
- Instagram photos
- Whatsapp messages
Please note that the Tinder option, shown in the screenshot below from the online portal, is for iPhone only and was not functional at the time of writing this report.
We will now go through each of WebWatcher’s features to show whether or not they work and to review the data that each feature captures.
For this feature, every running application is listed according to the application name.
Clicking it shows the date and time that the application ran, as well as the total usage time. Running applications are also grouped according to set categories that WebWatcher defines. There is no way to remove applications from these categories or make your own.
Captured and received call logs are logged along with the call duration, date and time of the calls and the number of the calls.
The location data is lacking in detail with WebWatcher only plotting the device on a map, failing to display coordinates.
WebWatcher didn’t capture images taken using the phone’s standard camera app. However, it did capture Instagram images taken using the camera and then uploaded and processed with the Instagram app.
The photo capture feature displays the image itself, the date and time the image was taken and the filename. It also lists the type of Image as well but in testing we saw only one type of image being uploaded, and that was with the Instagram app.
WebWatcher captured sent and received SMS messages without issue. Included in the information was the contents of the SMS message, the sender phone number, the recipient phone number and the date and time the SMS was sent or received.
The sites visited are only captured if the websites were visited through Chrome browser. It shows the date and time the website was accessed, the window title and the total time spent browsing the site. When you click a record, only the visited URL is shown, there is no captured screenshot of the page or anything like that.
As long as you have the Instagram app installed from the Play Store, images that are taken using the standard camera application and uploaded to an Instagram account will be captured.
A feature new to WebWatcher for Android is the ability to capture Whatsapp messages without rooting the Android device. While this does work, there are a few limitations. Namely, it only captures one side of the conversation, which is the side of the device with WebWatcher installed. Furthermore, the captured data is just plain text and unformatted, so chat elements like stickers, images, videos, etc. are missing. These can be just as important to a Whatsapp chat then the text itself. Otherwise, WebWatcher uploads the plain text of one side of the conversation with no issue.
For their Whatsapp feature, we do think that WebWatcher deserves recognition. The bulk of other spy phone companies only capture IM’s on rooted devices–and then only if the IM service (e.g. Facebook, Whatsapp, etc.) is a supported version. While the feature only captures one side of the conversation (the messages sent from the device with WebWatcher installed on it), this is still actually better than nothing for those who want to capture Whatsapp but do not want to spend time messing around rooting the device first.
Who’s behind WebWatcher?
Technically, WebWatcher does sell genuine software, as we have shown here. But what they don’t make clear is that not all the claims that are on their website are true.
For example, WebWatcher advertises itself as discrete and tamper proof, which isn’t entirely accurate. On an unrooted Android device every application is listed inside Application Manager (Apps > Settings >, Application Manager) and all that WebWatcher have done is give the software a non-discrete name that it hopes that people will ignore when looking through their list of installed applications.
Furthermore, WebWatcher installs itself as a device administrator. What this does is it stops WebWatcher from being uninstalled using the typical Application Manager menu. It seems they see this as a way to make WebWatcher tamper-proof but, what they may be overlooking, is the suspicions that a device owner might have when they find an application that they don’t seem to be able to uninstall.
The device owner could just research the name of the application and learn that it is WebWatcher. Then, because they cannot uninstall it they would just factory restore the device, and that is the end of WebWatcher. No spy phone software can ever survive a factory reset.
Let’s see this in action:
Here you can see WebWatcher in the Application Manager menu.
Notice that the name of the app isn’t WebWatcher–instead, it looks like the name of a standard Android system process. WebWatcher may be hoping that this is what people will assume it is and ignore it. After all, you can only remove software listed in the Application Manager menu on a rooted device and WebWatcher does not offer any root-only features for their Android product.
Here you can see WebWatcher listed in the Application Manager menu. We know it is WebWatcher because it is referred to by a device administrator installed called ‘ATI Client’ which is what we installed in part 4 of the WebWatcher installation process.
When you tap the application above, as mentioned, you cannot uninstall it. The option to do so is grayed out. Again, this may raise alarm and suspicion to the device owner.
So, if we were the device owner, we would be suspicious right now and edge towards a factory reset.
However, you can uninstall WebWatcher by turning off the device administrator from the Security menu.
Above we can see a device administrator installed called ATI Client. This name matches what was installed by WebWatcher. We need to tap this option and then deactivate it.
You can see in the description above that the ATI Client administrator makes reference to the same application that is WebWatcher, and this is how we know that they are the same thing. With ATI Client deactivated we should be able to uninstall WebWatcher, but it still was not that easy.
Immediately after disabling the WebWatcher device administrator, WebWatcher appeared on the phone, and it wouldn’t go away. If you try to leave the screen, WebWatcher will just pop back up again, making the device owner suspicious. This is because WebWatcher can only be uninstalled fully by entering the WebWatcher account username and password first and then tapping the Uninstall button. If you do not know these details then uninstallation is not possible.
This is most likely what WebWatcher are referring to when they advertise that the software is tamper-proof.
From the perspective of the device owner the only way to get around this is to restart the device but then, after you do that, at least with us, our device would just randomly restart itself and pretty much become unusable.
The only way to get around this is to restart the device, but then, after you do that -at least with us- our device would just randomly restart itself and pretty much become unusable.
For the device owner, a factory reset is pretty much the only choice here.
Investigating the company
WebWatcher is a legitimate company selling monitoring software for both smartphones and computers. However, WebWatcher is created by Awareness Technologies, who are based in Connecticut in the USA. Awareness Technologies also make the same WebWatcher program under different names like Laptop Cop, Interguard and SONAR.
Their website is easy to find and heavily advertises Interguard as their primary product. WebWatcher is simply the smartphone module of Interguard, refactored into a different and easier to use product.
Suffice to say; this is not something new. The majority of these companies (Mspy, Mobile Spy, etc.) often peddle the same product with a different name and a different look to appeal to more clients. Because of this, customers can easily be fooled into believing that a new product that sounds better than their current one is actually the same thing. This is scam tactic which some might say makes WebWatcher part of a scam too.
An Offer From FlexiSPY
If you are an unhappy WebWatcher customer you should know that FlexiSPY will buy back your license from these scam vendors, and you can then purchase a FlexiSPY license at a discounted rate.
Simply head over to FlexiSPY’s buy back page which is located here to get started.