Updated on 2022-10-30: Leaked data shows TheTruthSpy tracked thousands of Americans
Earlier this year, I obtained the core database of TheTruthSpy’s stalkerware operation, and built a lookup tool to let anyone check if their devices were compromised. Since then we spent weeks analyzing the rest of the database, and it’s huge. The leaked data shows at least 360,000 devices were compromised (up until April, when the database was leaked). But in just six weeks of the most recent data, the database included thousands of GPS location data points, millions of call logs and text messages, and more. Stalkerware is an international problem but more, including from antivirus companies, has to be done to combat it.
Updated on August 2022: TechCrunch launches tool to check for TheTruthSpy stalkerware
On Wednesday at my day job (disclosure alert!), I launched a free lookup tool that lets anyone check if their Android device was compromised by a fleet of stalkerware apps, including TheTruthSpy, which all share the same infrastructure and the same security bug that’s spilling the phone data of hundreds of thousands of victims. After receiving a leaked list of every device that was compromised earlier this year, we built the tool so anyone can check for themselves (since the data wasn’t enough to identify or notify victims), and how to remove the spyware if it’s safe to do so. The list contains about six years of compromised devices up to April 2022, presumably when the data was dumped from TheTruthSpy’s internal network.
TechCrunch's @zackwhittaker has built a lookup tool you can use to see if your Android device has been compromised by a fleet of computer-grade stalkerware apps he has been investigating. If this is a concern for you, take a look: https://t.co/d8cH3la9X0
— EFF (@EFF) August 17, 2022
NEW: Today @TechCrunch launched a spyware lookup tool that allows anyone to check if their Android device was compromised by a fleet of stalkerware apps, including TheTruthSpy, after we obtained a leaked list of compromised devices. https://t.co/ofJlRsLU7e
— Zack Whittaker (@zackwhittaker) August 17, 2022
Read more in
- TheTruthSpy exposed: This spyware lookup tool says if your Android device was compromised
- Your Android phone could have stalkerware, here’s how to remove it
- TechCrunch launches TheTruthSpy spyware lookup tool
Overview: Android stalkerware exposing images of children
TheTruthSpy, a notorious Android stalkerware app that encourages users to spy on their spouses, is exposing data collected from victims’ phones that includes photos of children and babies, and granular location data. Anyone who knows the link to the exposed data can find it, per @josephfcox. TheTruthSpy is one of several near-identical stalkerware apps with the same security flaw.
Read more in
- Android Stalkerware ‘TheTruthSpy’ Exposing Images of Children Online
- Behind the stalkerware network spilling the private phone data of hundreds of thousands
New: TheTruthSpy, a popular piece of Android stalkerware that has marketed itself to abusive people to spy on their spouses, is exposing images of children and others related to babies. Very personal photos just sitting there online https://t.co/PIiR3Hxbt9
— Joseph Cox (@josephfcox) June 9, 2022