Vulnerability in Stalkerware Apps

TechCrunch is reporting—but not describing in detail—a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isn’t in the apps installed on the victims’ phones, but in the website the stalker goes to view the information the app collects. The article is worth reading, less for the description of the vulnerability and more for the shadowy string of companies behind these stalkerware apps.

Posted on March 2, 2022 at 6:25 AM

9 Comments


Ted March 2, 2022 9:21 AM

So people can see the collected info on a server without authentication? 400,000 phones around the world?

Winter March 2, 2022 9:47 AM

If there is a single EU citizen in this database, the company is eligible for a maximal GDPR fine. Plus criminal charges.

vas pup March 2, 2022 3:18 PM

Tag – vulnerability

“Under the guise of conveying information, social, commercial, and political messages try to manipulate our feelings to get us to buy products, services, ideas, or candidates. That’s always been the case, but technology and algorithms have elevated manipulation to unimaginable levels and stacked the deck against self-regulation.

In addition, ubiquitous pop-psychology messages about “getting your needs met” make self-regulation secondary to manipulation of others.

We’ve lost touch with the internal message of emotions to be true to personal values and beliefs, which makes us easy prey for cultural manipulation.

Without acting on the motivation of vulnerable emotions to become better people, we can’t escape them. They’ll dominate recall of past events and appraisals of other people’s intentions. They’ll impair judgment, restrict sleep, and invade dreams.

===>These days everyone feels like a victim, ready to blame, shame, sue, and retaliate against everyone who doesn’t share their biases.

It’s no accident that a culture of blame, shame, and external regulation of emotions is also a culture of victim-identity.”

Q March 2, 2022 6:43 PM

So the stalkerware apps that are deliberately designed to invade your privacy, manage to perform as advertised and invade your privacy!

Who’d thunk it?

If people would leave their phones at home, spend less time with their eyes fixated on the screens, and more time enjoying the world around them, then those apps would become useless.

Don’t feed the machines. Starve them of the data they need.

Clive Robinson March 2, 2022 6:57 PM

@ Jonathan Wilson,

These kinds of apps shouldn’t even be legal.

Err… Umm… “Point of view”(PoV).

The first problem is,

All the technological systems that the underlying data is collected from need that data as a necessary part of the technology’s function.

The second problem is,

The operators of the technological systems need to collect the data for technical and business reasons. But even if they did not “collect” the data above those needs, most Governments now require them to keep the collected data, way past any operational or business need.

Which brings us to the third problem,

Why do Governments want all of this data kept? Right now there is no honest reason given, just so distant corner cases they are almost impossibly rare at the best of times, hence the “Think of the children” kneejerk nonsense to create FUD in the minds of those that do not acquaint themselves with the actual realities.

Which brings us to the fourth problem,

The Governments have absolutely no intention of paying for the “enhanced collection” and almost indefinite storage of such data. So a cost falls upon the collecting and storage entities.

Which brings us to the fifth problem,

The Governments know that the collection and storage costs are going to be immense, and worse make all the technological systems less efficient thus further increasing costs. Past legal battles have shown Governments that they have only three choices,

1, Forego having the data available
2, Pay the actual costs involved
3, Let others “creatively” use the data to sufficiently cover the cost plus any taxes etc.

Of the three, the third gives the Governments not just the data they want, but also another “income stream”. So from the Politicians point of view “what’s not to like” about unregulated usage of the data…

In short, there is no chance of the governments making it illegal, unless they can find another way to get the data and another as valuable cash flow.

If you take a careful look at the EU GDPR the protection of people’s data is not the reason it exists. It exists because of all the weasely ways it can be used to raise revenue for the EU and Governments. Revenue that the likes of the current big Silicon Valley Corps are not just avoiding paying but actively using illegal methods to evade paying (which is a crime, but not one that’s going to be won in court).

RealFakeNews March 3, 2022 12:56 PM

The irony.

AFAIK these apps are illegal in the first place, so talk of GDPR violations is moot. GDPR is also easily avoided anyway, but given the basic premise of the app is illegal then it doesn’t matter at all.
