According to media reports, a smartphone spyware has put the personal data of hundreds of thousands of users at risk, including call records/recordings, text messages, photos, browsing history, and precise geolocations.
According to TechCrunch, personal data can be extracted from a person’s phone due to a security flaw in widely used consumer-grade stalkerware or spyware.
“We can’t name the spyware or its developer since it would make it easier for bad actors to access the insecure data,” the report said on Tuesday.
It stated that efforts were being made to contact the spyware developer because the security and privacy of thousands of people were jeopardised until the problem was resolved.
Stalkerware apps are typically disguised as fake app names and have suspicious access to messages, call logs, location, and other personal information.
People repurposed these apps after downloading them to spy on their spouses’ smartphones.
As part of a larger investigation into consumer-grade spyware, the spyware security flaw was discovered.
According to the report, Codero, the web firm that hosts the developer’s spyware infrastructure, was contacted but did not respond.
Google announced earlier this month that it had removed several “stalkerware” ads from its Play Store that promoted apps that violated its policies.
“We do not allow ads promoting spyware for partner surveillance. We immediately removed the ads that violated our policy and will continue to track emerging behaviours to prevent bad actors from trying to evade our detection systems,” a Google spokesperson was quoted as saying.
Several stalkerware apps successfully evaded Google’s ban on such apps by employing a variety of techniques.
Google updated its Play Store policies in October of last year to prohibit stalkerware apps.
“In short, it’s spyware beloved by creeps, jealous ex-partners, and those who have no qualms about invading someone’s privacy in the hope of tracking what they’re up to and with whom,” security writer Graham Cluley had said in a blog post.
According to a recent report by cyber security firm Kaspersky, nearly 4,627 mobile users in India were found to be the victims of stalkerware, as some people attempt to digitally control the lives of their intimate partners.
Stalkerware affected a total of 53,870 mobile users worldwide in 2020. Kaspersky discovered 67,500 affected mobile users in 2019.
