Vulnerability Management, Data Security, Privacy

Security flaw in phone-monitoring apps exposes data of millions

(Adobe Stock)

A critical vulnerability in the mobile surveillance apps Cocospy and Spyic is exposing the personal data of millions of individuals whose devices have been unknowingly compromised, TechCrunch reports.

According to a security researcher, the flaw allows unauthorized access to messages, call logs, photos, and other sensitive information collected by the apps. Additionally, it reveals the email addresses of those who signed up for the service to monitor others.

Despite previous security concerns surrounding spyware, Cocospy and Spyic remain active, with 2.65 million unique email addresses linked to them. The apps often evade detection by masquerading as system services on Android devices.

While typically marketed for parental or employee monitoring, they are frequently used for covert surveillance, raising legal and ethical concerns. Investigations have linked the apps to a Chinese developer, whose servers are being obscured through Cloudflare and Amazon Web Services. Both companies declined to comment on potential actions against the spyware.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds