Major Security Flaw in Stalkerware Apps Exposes Private Data of Over 2.6 Million Users

A major security flaw discovered in two popular phone monitoring apps has compromised sensitive personal data of millions of people, revealing a disturbing trend in the surveillance software industry.

The apps in question - Cocospy and Spyic - contained vulnerabilities that exposed private messages, photos, call logs and other confidential information from monitored devices. The security researcher who uncovered the flaw found that 1.81 million Cocospy users and 880,167 Spyic users had their email addresses exposed.

These surveillance apps are typically marketed as parental control or employee monitoring tools. However, they are often misused for illegal surveillance of romantic partners without their knowledge or consent.

"The stalkerware industry consistently demonstrates poor security practices," said Eva Galperin, cybersecurity director at the Electronic Frontier Foundation. "These companies appear unconcerned about protecting sensitive user data."

The apps operate by remaining hidden on victims' devices while continuously uploading personal information to a dashboard accessible by the person who installed the software. Most device owners are unaware their phones have been compromised.

Analysis revealed both apps masquerade as generic "System Service" applications on Android devices to avoid detection. The apps were found to be sending data through Cloudflare servers, with some error messages appearing in Chinese, suggesting possible ties to China-based developers.

This incident adds to a concerning pattern - at least 23 stalkerware companies have experienced major data breaches since 2017. Eight of these companies ultimately shut down operations following security incidents.

For Android users concerned about stalkerware, experts recommend:

  • Checking installed apps for suspicious "System Service" entries
  • Enabling Google Play Protect
  • Dialing ✱✱001✱✱ in the phone app, which makes the hidden surveillance app reveal itself if it is installed
  • Having a safety plan before removing any discovered spyware

iPhone users should secure their Apple accounts with a strong, unique password and two-factor authentication, and remove any devices they do not recognize from the account.

The National Domestic Violence Hotline (1-800-799-7233) provides 24/7 support for those affected by surveillance and abuse.