A “free” phone spying app by a Vietnam-based company has ended up exposing data such as GPS location and pictures from the phones of the users who installed it.
The breach from the “stalkerware-type” app – TheTruthSpy – has also compromised pictures of minors and babies that were on the users’ phones, according to reports.
In the wake of the data breach, cyber security experts have urged users to practise internet hygiene, as questions are raised about the safety and reliability of TheTruthSpy following a series of similar compromises by other such apps.
“The images exposed by TheTruthSpy were available to anyone who visited a particular URL on TheTruthSpy’s website. The photos included those of a young boy looking at the camera, a baby’s soiled diaper, a pet cat, and photos of the inside of someone’s home,” according to one of the reports.
The app, available on Google Play and Apple Store, boasts over a dozen features, including monitoring multiple communication apps and recording ambient voice, among others.
Its website also claims that the app can siphon off photos, log keystrokes and manage spying activities through a control panel, while any data retrieved from the target user’s device is uploaded to TheTruthSpy’s server.
Once all this is done, the user of the app can simply log in and view all collected data, the report claimed.
The app is maintained by 1Byte, which is based in Vietnam and handles several stalkerware-type apps. The company had previously made headlines after a similar exposure of data due to a vulnerability in one of its apps earlier in January 2022.
What Is Stalkerware
Mostly used for espionage and detective purposes, stalkerware apps are malicious apps that run in the background, without the knowledge of the user of the device on which they are installed.
However, these apps, unlike other malware, are publicly, and even freely, available for Android and iOS phones.
What makes stalkerware dangerous is the sheer simplicity of its functioning and its easy availability. Anyone who can download and install it can target phone users.
While TheTruthSpy’s exposure of data has stunned users of such apps, it is not the first time that it has fallen prey to flaws.
Four years ago, in 2018, a hacker successfully infiltrated TheTruthSpy’s servers and stole client data.
“They take care about how to spy, and not take care about how they secure the attackers’ and victims’ privacy,” the hacker, who identified himself by initials L.M., had said in 2018.
L.M. was also critical of TheTruthSpy for being “untrue to its clients”.