THOUSANDS of Americans have had ‘stalkware’ planted on their Android devices


Thousands of Americans have fallen victim to stalkware planted on their smartphones by someone they know – and an Android app is collecting and storing their personal information.

TechCrunch obtained leaked data from the app, TheTruthSpy, that has a database teeming with personal information like call logs, text messages, location data and passwords from users across the US.

TheTruthSpy, which launched in 2019, markets itself as a way for people to surreptitiously monitor the communications of their spouses. 

Mapping software revealed the app captured 278,861 location data points from Americans over the course of six weeks – a total of 608,966 worldwide.

The database was also held 1.2 million text messages and 4.42 million call logs, which included the duration of calls and the name and phone numbers of contacts. 

TheTruthSpy has been the center of several data dumps, including one in June when the app was found to expose images of children and other personal photos from victims’ personal devices.

TheTruthSpy app captured 278,861 location data points from Americans over the course of six weeks – a total of 608,966 worldwide. TechCrunch, which obtained the data, reported it was able to see exactly locations, such as someone riding a train or at church

DailyMail.com has contacted TheTruthSpy for comment.

Reviews of those who purchased the app shared that it does not deliver what it promises, but it seems capture personal information from phones very easily. 

TechCrunch reports it found about 360,000 unique device identifiers worldwide, a number associated with a smartphone and tablet, which highlights how many devices have been scraped of data during the operation that started on March 4 through April 14, 2022.

The database also included passwords, text messages and call logs of people who had the app planted on their Android smartphone

The database also included passwords, text messages and call logs of people who had the app planted on their Android smartphone 

The database showed the app captured 164 unique device identifiers in 11 US states during the operation that started on March 4 through April 14, 2022

The database showed the app captured 164 unique device identifiers in 11 US states during the operation that started on March 4 through April 14, 2022

Stalkware can spy on your phone

Stalkware is software that allows you to spy on someone’s phone or tablet.

They are often advertised to parents who wish to track the online activity of their child, or bosses looking to snoop on their employees.

Typically, stalkware allows you to remotely intercept messages, photos, browsing history, GPS coordinates and even phone call data.

They work by pairing an online account to an app that is installed on the device you wish to spy on.

Users can then remotely access the phone’s data without the owner knowing they are under surveillance.

Stalkware apps are technically legal, but have stirred controversy in the past when people have employed them for illicit spying. 

The location data, however, is so specific, it shows victims while riding on buses, going to church and other ‘sensitive locations,’ Zach Whittaker with TechCrunch reports.

While the US had more data points collected, India came in second with more than 77,425, then Indonesia with more than 42,701 and fourth is Argentina with 19,015.

The UK was ranked as fifth with 12,801 collected location data points.

TechCrunch also notes in its report that it observed data that was likely pulled from devices belonging to children.

Breaking the data down to focus on just the US, the database shows 11 states where thousands of calls were recorded from 164 devices – California had the most compromised devices with 76.

The other states are: Pennsylvania (17 devices); Washington (16 devices); Nevada (14 devices); Illinois (14 devices0; Massachusetts (10 devices); Florida (six devices); New Hampshire (two devices); and Delaware with one device.

Photos and videos stored on the devices were also found in the database – a total of 473,211 records.

This allowed TechCrunch to sift through screenshots, images exchanged in text messages and those saved to the camera roll.

There was also 454,641 records of data pulled from the user’s keyboard, known as a keylogger, which included sensitive credentials and codes pasted from password managers and other apps.

And the database had 231,550 records of networks that each device connected to, such as the Wi-Fi network names of hotels, workplaces, apartments, airports and other guessable locations.

Read more at DailyMail.co.uk