Experts warn that one of the most widely used stalkerware apps is “packed” with security flaws and risks exposing victim’s data to third parties.
Xnspy allows users to monitor the activities of their spouse, partner or child after installing it surreptitiously on their victim’s device. It then runs secretly in the background while sending data back to the installer.
An investigation through TechCrunch (opens in new tab) found that in addition to the already questionable and legal issues a tool like Xnspy poses, the underlying technology leaves users extremely vulnerable to data security issues such as identity theft.
What did the researchers discover?
After months of research, security researchers Vangelis Stykas and Felipe Solferini claimed that this app had many flaws that were “easy to exploit” and “probably been around for years.”
These flaws reportedly include “login credentials and private keys left in the code by the developers” as well as “broken or non-existent encryption”.
According to the investigation, this app mainly targeted Android users, although thousands of iPhones were also reported to have been compromised.
Xnspy reportedly had 60,000 victims as early as 2022, TechCrunch claims, cases of which will not be recorded until 2022.
Despite Google banning the sale of stalkerware from its app store in August 2020 and subsequently removing all ads that appeared on its platform, it’s unlikely we’ve seen the last of the controversial technology.
The pandemic led to a huge surge in the number of people who decided to use the stalkerware tools.
There was reportedly a 93% increase in the use of stalker and spyware apps in the UK right after lockdown measures were first introduced, according to research from cybersecurity company Avast.