Methods:
- On-device: requires root/MDM, hooks mic API, streams via data.
- Network: SS7/IMS lawful-intercept with carrier cooperation.
Detection:
- Monitor spikes in CPU, battery, and network usage.
- Check unauthorized mic/network permissions.
Legal:
- Unauthorized interception breaches wiretap laws; consent or warrant required.
References:
- Android Telephony APIs
- RFC 3611 (VoIP logging)
Moniterro