A widespread surveillance operation known as Spyzie has compromised more than 500,000 Android devices and thousands of iPhones and iPads. A security researcher discovered a critical vulnerability in the platform, exposing the private data of victims and the email addresses of the individuals who deployed the stalkerware.
A Critical Security Breach
The security flaw identified in Spyzie is identical to the one recently exposed in the stalkerware apps Cocospy and Spyic. This vulnerability grants unauthorized access to sensitive information, including private messages, photos, and real-time location data, from any device infected by these applications. The researcher successfully extracted 518,643 unique email addresses of Spyzie customers and shared the findings with Have I Been Pwned.
This incident marks the 24th time since 2017 that a stalkerware operation has suffered a major data leak due to poor security protocols. Despite being largely restricted by Google’s advertising policies, these platforms continue to operate, with the combined user base of Cocospy, Spyic, and Spyzie exceeding 3 million people.
How the Surveillance Operates
Stalkerware apps are engineered to remain hidden on the victim’s device, often disappearing from the home screen to evade detection. The software continuously transmits device content to external servers controlled by the perpetrator.
- Android Devices: These apps typically require physical access to the device to be installed, often by someone who already knows the user’s passcode.
- Apple Devices: Since Apple maintains stricter security controls, Spyzie and similar apps often exploit iCloud credentials to remotely access data synced to the cloud rather than installing software directly on the hardware.
The records cover victims from early 2020 through July 2024. Spyzie operators have not responded to requests for comment, and the security hole remains unpatched at this time.
Detecting and Removing Spyzie
Identifying stalkerware is challenging, but there are specific ways to check whether your device is compromised:
For Android Users
You can verify the presence of the app by entering *#001# into your phone’s dialer. This backdoor command, intended for the perpetrator, may reveal the hidden app if it is installed. If detected, follow established safety planning resources before attempting removal, as disabling the software may alert the person monitoring you.
For iPhone and iPad Users
Because these apps often rely on iCloud access, the most effective defense is securing your Apple Account. Enable two-factor authentication immediately and review your account settings to remove any unrecognized devices connected to your ID.
If you are a victim of domestic abuse or suspect your device is being monitored, the Coalition Against Stalkerware offers essential resources. In the U.S., you can contact the National Domestic Violence Hotline at 1-800-799-7233 for confidential support.
