It has emerged that the phone tracking applications Cocospy and Spyic have been used to track users’ private information. It was reported that the data of millions of users who unknowingly downloaded the applications onto their devices has been exposed.

Due to a security flaw in the mobile device tracking applications Cocospy and Spyic, it was determined that any individual could access users’ messages, photos, call records, and personal data. An independent security researcher who identified the error stated that the two applications also allowed access to everyone’s email addresses. 2.65 million addresses were stolen. The researcher, whose name was not disclosed, exploited the security flaw to obtain 1,810,000 Cocospy customers’ email addresses and 880,167 Spyic customers’ email addresses, which were then provided to Troy Hunt, the head of the data breach notification service Have I Been Pwned (HIBP). Hunt announced that 2.65 million unique email addresses had been uploaded to HIBP, allowing individuals to search to see if their own email addresses were affected.

What are phone tracking applications used for? Phone tracking applications, also known as stalkerware, are used to track the location and activities of a device. These types of applications are generally used for parental control, employee monitoring, finding lost or stolen devices, or personal security in emergencies. When used without consent or with malicious intent, these applications can create ethical and legal issues. Security experts warn users to steer clear of such applications that can potentially be misused.

The identity of the operators behind Cocospy and Spyic remains unknown, although they are reported to be Chinese-affiliated applications. These applications are reportedly banned from official app stores, so they should be downloaded directly from the companies’ providers. Devices such as iPhones and iPads with these applications installed can allow access to the user’s data stored in iCloud.

What precautions can be taken? Security experts offer some advice to users who are concerned that a phone tracking application has been installed on their device without their knowledge. Google Play Protect can detect and disable such malicious software on Android devices. It is also recommended for iPhone and iPad users to set a long and unique password in their Apple accounts and activate two-factor authentication.