Vulnerabilities in common Android stalkerware apps may compromise the safety and privacy of victims.
A stalker uses mobile stalkerware, also known as spouseware, to spy on a victim.
The app will track the device’s location, listen in on conversations, and access browsing history, photographs, and other personal information.
In recent years, this form of application has grown in popularity.
The software, which can easily be found online, is usually marketed by its creators as a way to protect children, but it often has spyware features that could be exploited by a third party.
According to ESET researchers, an analysis of 86 Android stalkerware apps found over 150 security vulnerabilities in 58 of them, exposing victims to additional privacy and security threats.
The researchers manually examined 86 Android stalkerware applications from 86 different vendors.
A stalker is someone who downloads, tracks, or controls stalkerware remotely, while a victim is someone who is being spied on by a stalker using stalkerware. An intruder is a third party who is normally unknown to both the stalker and the victim.
An intruder may exploit security or privacy vulnerabilities in stalkerware or its related monitoring services.
Such a bug could be used by an attacker to gain control of the victim’s device or to intimidate the victim by uploading fake evidence.
Following their 90-day coordinated disclosure policy, the researchers informed the developers of the flaws they found.
Only six vendors have responded to the bugs found by the researchers, and only seven intend to repair them; in one case, a vendor chose not to fix the identified problems.
Insecure transmission of victim PII and the storage of confidential data on external media are two of the most common problems.
The researchers concluded that this study should serve as an alert to potential stalkerware clients to think twice about using malware against their spouses and loved ones, as it is not only unethical, but it also puts their spouses’ private and intimate information at risk of cyberattacks and fraud.
It is also dangerous for the stalker because there could be a close connection between the stalker and the victim, exposing their personal details.