One of the most widely-used stalkerware apps is supposedly “riddled” with security flaws, and risks exposing its victim’s data to third parties, experts have warned.
Xnspy allows users to monitor the activities of their spouse, partner, or child after they covertly install it on their victim’s device, it then runs in the background secretly while sending data back to the installer.
An investigation by TechCrunch (opens in new tab) found that in addition to the already questionable more and legal issues that a tool like Xnspy presents, its underlying technology makes users extremely vulnerable to data security issues like identity theft.
What did the researchers uncover?
Following months of research, security researchers Vangelis Stykas and Felipe Solferini claimed that this app had many flaws which were “easy to exploit” and “have likely existed for years”.
These flaws reportedly include “credentials and private keys left behind in the code by the developers” as well as “broken or nonexistent encryption”.
According to the research, this app primarily targeted Android users – although it also reported that thousands of iPhones were compromised.
Xnspy reportedly had 60,000 victims as far back as 2022, TechCrunch claims, with instances being recorded as recently as 2022.
Despite Google instituting a ban on the sale of stalkerware from its app store in August 2020, and subsequently removing any ads which showed up on its platform, in unlikely that we’ve seen the last of the controversial technology.
The pandemic led to a huge rise in the number of people deciding to use the stalkerware tools.
There was reportedly a 93% increase in the use of stalker and spyware apps in the UK directly after lockdown measures were first introduced if research from cybersecurity firm Avast is to be believed.