On 21 June 2023, a well-known monitoring app used on the Android platform called ‘LetMeSpy’, which is used to monitor thousands of Android phones globally, placed a notice that there had been a security incident involving unauthorised access to the users’ data. Criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts.
LetMeSpy is an app marketed for parental control or employee monitoring. The app is also specifically designed to stay hidden, as are most of these apps on a phone’s home screen, making it difficult to detect and remove. Also known as ‘stalkerware,’ these kinds of phone monitoring apps are often planted by a 3rd party — such as spouses or domestic partners — with physical access to a person’s phone without their consent or knowledge, which Valkyrie are seeing a high rise of recently with the cases they have been working on. Because these type of apps have a deep level of accessibility into the phone they are targeted by hackers.
Once planted, LetMeSpy silently uploads the phone’s text messages, call logs and precise location data to its servers, allowing the person who planted the app to track the person in real time. Valkyrie did some further digging and identified that the data is available on websites; however, Due to the widespread presence of personally-identifiable-information (PII) such as identification documents, the data is only being made available to journalists and researchers.
LetMeSpy is the latest in a long list of spyware and phone monitoring apps that have been hacked, breached, or exposed victim’s data in recent years, others include – Xnspy, KidsGuard, TheTruthSpy and Support King.
If you haven’t done so already, you should switch on Google Play Protect, this is one of the best safeguards to defend against malicious Android apps. You can do this from the settings menu in Google Play.
It’s not clear who is behind the LetMeSpy hack or their motives. But the breach again highlights the concern in regard to these type of apps, technology and personal data. Research indicates that the threat of stalkerware has increased threefold over the past 3 years. Having access to your data, whether it be a malicious actor or a social media platform monitoring your activities online for marketing, your data is being taken and due to the amount of data there is, both criminals and providers can quickly paint an intelligence picture about you, your habits, behaviour patterns, likes and dislikes. Ensure you know where your data is and understand how to minimise your footprint online – protect your devices and your data.