Spyzie Stalkerware: Android & iPhone Spying Exposed

February 27, 2025
Spyzie Surveillance Operation Exposes Hundreds of Thousands of Devices

A relatively obscure phone surveillance application known as Spyzie has compromised over 500,000 Android devices, alongside numerous iPhones and iPads, according to data from a security researcher.

It is highly probable that the majority of individuals whose devices have been affected are currently unaware of the breach of their personal phone data.

Vulnerability Shared with Similar Apps

The security researcher communicated to TechCrunch that Spyzie shares a critical vulnerability with Cocospy and Spyic. These two applications, while marketed under different names, are fundamentally the same stalkerware, utilizing identical source code.

As previously reported, this shared flaw led to the exposure of data belonging to over 2 million individuals. The vulnerability permits unauthorized access to data extracted from devices compromised by any of the three applications, including messages, photographs, and location information.

Furthermore, the bug reveals the email addresses of all Spyzie customers who registered to monitor another person’s device, according to the researcher.

Data Leak and Notification

The researcher successfully exploited this vulnerability to gather 518,643 distinct email addresses associated with Spyzie customers.

This collection of email addresses was then provided to both TechCrunch and Troy Hunt, the operator of the Have I Been Pwned data breach notification service.

Prevalence of Consumer Surveillance

This recent incident underscores the growing prevalence of consumer phone surveillance applications within civil society.

Even operations with limited online visibility, such as Spyzie – which faces advertising restrictions from Google and is largely prohibited from search result ads – have managed to attract a substantial customer base.

Combined, Cocospy, Spyic, and Spyzie currently serve a user base exceeding 3 million customers.

Risks Associated with Stalkerware

The leak highlights the increasing frequency of security flaws within stalkerware applications, posing risks to both customers and the individuals they are monitoring.

Even when used for legitimate purposes, such as parental monitoring – which is legally permissible – these apps can expose children’s data to potential hacking threats.

Spyzie is the 24th stalkerware operation since 2017 to experience a data breach, leak, or exposure of sensitive victim data due to inadequate security measures.

Lack of Response and Unresolved Bug

TechCrunch’s attempts to obtain a comment from Spyzie’s operators have been unsuccessful.

As of this writing, the identified vulnerability remains unaddressed and unresolved.

Android App Implants and Compromised Apple Account Security

Applications such as Spyzie, alongside alternatives like Cocospy and Spyic, are engineered for discreet operation, avoiding visibility on device home screens. This design intentionally hinders detection by those targeted. These applications continuously transmit device data to the spyware's servers, where it is accessible to the individual who installed them.

Security research data, shared with TechCrunch, reveals that the majority of those impacted by Spyzie utilize Android devices. Installation of the Spyzie app on these devices necessitates physical access, typically requiring knowledge of the user’s passcode.

This access requirement explains the frequent use of these applications within abusive relationship dynamics, where passcode familiarity is more common.

Analysis of the data further indicates that at least 4,900 iPhones and iPads have also been compromised through Spyzie.

Due to Apple’s stringent application policies, compromising iOS devices generally involves accessing data stored within Apple’s iCloud service. This is achieved through the acquisition of a victim’s Apple account credentials, rather than direct device manipulation.

Records indicate that breaches of Apple devices linked to Spyzie occurred as early as February 2020, with instances continuing as recently as July 2024.

Removing Spyzie Stalkerware

As with Cocospy and Spyic, it was not feasible to pinpoint specific individuals monitored by Spyzie from the obtained data.

However, several steps can be taken to determine if your mobile device has been compromised by this particular software.

For Android Device Owners: Despite attempts at concealment, Spyzie’s presence can often be revealed by entering ✱✱001✱✱ into the dialer of your Android phone and initiating a call. If the application is installed, it will become visible on your display.

This functionality represents a built-in backdoor, intended for the perpetrator to regain control of the device. Conversely, it allows the user to verify if the application is present on their phone.

A comprehensive guide for removing Android spyware, including identifying and eliminating common stalkerware and enhancing your device’s security, is available from TechCrunch.

It is crucial to establish a safety protocol, as disabling spyware may notify the individual who installed it.

For iPhone and iPad Users: Spyzie functions by utilizing the victim’s Apple ID credentials to access data within their iCloud account. Enabling two-factor authentication for your Apple ID is paramount: it is a critical defense against account breaches, which are a primary way for stalkerware to access your information.

Regularly review and remove any unfamiliar devices linked to your Apple Account.

If you or someone you know requires assistance, the National Domestic Violence Hotline (1-800-799-7233) offers 24/7 confidential support to those experiencing domestic abuse and violence. In urgent situations, please dial 911. The Coalition Against Stalkerware provides resources for individuals suspecting spyware compromise.
