Why would you ever trust a spyware company anyway?
Companies like SpyFone aready make me uncomfortable. The company offers legal spyware. An application which can be downloaded onto a phone which allows people to spy on all activity taking place on the target phone. From phone calls to messaging to contacts to pictures. Everything that we’re used to seeing in the most horrific of malware, can be done with applications such as this? How is this legal? Because of who it is marketed for. It is supposedly meant for businesses or parents to install on their business owned employee or children’s phones. The user will need to have access to the phone, and be able to install and set up the application. Once this is done, the person using the phone will never know it is there. Many times these companies will even suggest using this type of software on a spouse’s phone.
I am all for employers protecting their information, and parents protecting their children. There are numerous ways to do this easily with mobile device management tools and parental controls which doesn’t end up with someone being unknowingly spied upon The whole idea of spyware leaves me feeling queasy. The ease with which they market spying doesn’t do a good job of making me trust them. And now there is a very good reason not to trust SpyFone.
An anonymous security researcher stumbled upon an unsecured Amazon S3 bucket belonging to SpyFone, which held both customer data, and data collected from the phones which they were spying on. The company had not secured the drive, and left an API open which left this information open to the public.
The information that was left exposed included 44,000 unique email addresses, photos, audio recordings, text messages, browsing history, GPS Data, IMEI numbers, names, hashed passwords, and device information. The mismanaged security left over 2,000 customers of the service and their targets information exposed to the public.
I wonder, if you’re using a software to spy on others private communication, should you really have an expectation of that company keeping your information private?