A little-known phone surveillance app called Spyzie has been found to have compromised over half a million Android devices, as well as thousands of iPhones and iPads. According to a security researcher, most of the affected users are likely unaware that their devices have been breached.
Spyzie shares a vulnerability with other stalkerware apps, such as Cocospy and Spyic, which were also exposed due to a bug that allows unauthorized access to phone data. This flaw exposes messages, photos, location data, and email addresses of those who signed up to use Spyzie to monitor others’ devices. The researcher used the bug to collect 518,643 email addresses of Spyzie’s customers, sharing this data with TechCrunch and Troy Hunt of Have I Been Pwned.
While these apps are often used to monitor children (legally in some cases), the data breaches show that such surveillance puts both customers and victims at risk of data theft. Even more concerning, the majority of the compromised devices were Android phones, which require physical access to install Spyzie. It also affected around 4,900 Apple devices by exploiting iCloud credentials.
Spyzie is now the 24th stalkerware operation to be compromised or exposed, revealing the increasing risks of using these kinds of surveillance tools. Spyzie has yet to fix the vulnerability, and TechCrunch’s request for comment has gone unanswered.
If you suspect Spyzie is installed on your device, there are ways to check. Android users can dial ✱✱001✱✱ to detect the app, as it typically remains hidden from view. For iPhone and iPad users, enabling two-factor authentication for Apple IDs and reviewing connected devices can help secure accounts and prevent further breaches.
If you or someone you know is experiencing this type of surveillance, reaching out to the National Domestic Violence Hotline or the Coalition Against Stalkerware can provide essential support and resources.
