Stalkerware App “Spyzie” Exposes Sensitive Data of 500K+ Users

A little-known stalkerware app called Spyzie has been found to compromise the sensitive data of more than 500,000 Android users and nearly 5,000 iPhone and iPad users.
The app shares a critical vulnerability with two other stalkerware apps, Cocospy and Spyic, which recently exposed the personal data of over 2 million people.
The security flaw in Spyzie allows anyone to access sensitive information, including messages, photos, call logs, and location data collected from infected devices.
The bug also exposes the email addresses of customers who signed up to use Spyzie, putting not only the victims but also the app’s users at risk. Despite the severity of the issue, the app’s operators have not commented, and the vulnerability remains unpatched.
How Spyzie Operates and Who Is at Risk
Stalkerware apps like Spyzie are often used in abusive or controlling relationships, as they require physical access to the target device to install. The app remains hidden from view, continuously uploading the contents of the victim’s device to remote servers. This data is then accessible to the person who installed the app, often without the victim’s knowledge or consent.
Android devices are particularly vulnerable, as anyone with access to the device and its passcode can secretly install Spyzie. On Apple devices, Spyzie typically accesses data through the victim’s iCloud account using stolen Apple credentials rather than being installed directly on the device. This allows the app to bypass Apple’s stricter app controls.
The leaked data reveals that Spyzie has been used to compromise devices as far back as February 2020, with the most recent cases reported in mid-2024. The incident marks the 24th time since 2017 that a stalkerware app has leaked sensitive data due to inadequate security practices.
Ongoing Risk for Both Victims and Spyware Users
Spyzie’s security flaw not only exposes the personal data of victims but also puts those who use the app at risk. While it’s difficult to sympathize with individuals who use Spyzie to spy on others without permission, it’s important to note that some users may have legitimate intentions, such as monitoring their children’s safety.
Regardless of intent, the vulnerability revealed over 518,000 email addresses of Spyzie users, potentially leading to legal and privacy consequences for them.
For the victims, the risks are far more severe. The exposure of sensitive data—including messages, photos, call logs, and location information—can lead to serious consequences if this information falls into the wrong hands.
Victims may face identity theft, financial fraud, or further harassment as a result of this data leak. Additionally, compromised information can make victims vulnerable to phishing attempts and other malicious activities, adding to the emotional and psychological toll of the initial breach.
The fact that this is the third stalkerware app with similar flaws in recent weeks suggests that there may be broader security issues within the spyware industry. It emphasizes the dangers of using poorly secured apps and the potential fallout for all parties involved.
Protecting Yourself from Spyzie and Other Stalkerware
If you suspect your Android phone might be compromised by Spyzie, dial **001** and press the call button. This backdoor feature, intended for app administrators, can also help potential victims detect the app’s presence.
Pro Tip: Run a deep spyware scan with the Certo app to find Spyzie and other stalkerware apps that might be stealing data from your device.
For iPhone and iPad users, enabling two-factor authentication on your Apple account is a critical step to prevent unauthorized access to iCloud data. Regularly reviewing the devices linked to your Apple account can also help identify and remove any unknown or suspicious connections.
Stalkerware apps are generally banned from official app stores like Google Play and the Apple App Store, but they still manage to attract thousands of users by marketing themselves as legitimate monitoring tools. These apps operate in a legal gray area and pose significant risks not only to victims but also to those who deploy them.
The Spyzie incident is a stark reminder of the dangers of stalkerware and the need for both consumers and tech companies to prioritize cybersecurity.