Tracking software consists of steps that can also be defined as digital espionage, which includes collecting, transmitting and storing information about the activities of those who have software installed on their devices. Such software can track the victim’s device’s GPS location, conversations, pictures, browser history, and more. Tracking software makers promote their apps as if they’re meant to provide protection to children, employees, or women, to stay out of sight and avoid being flagged as tracking software.
More than 150 security issues detected in 58 apps
ESET researcher Lukas Štefanko shared the results of the research, which focused on security and privacy issues in increasingly popular Android apps. Within the scope of the research, 86 different tracking software applications running on the Android platform, provided by 86 different manufacturers, were manually analyzed. Serious security and privacy issues identified. For example, an attacker could use the app to gain control of a victim’s device, a stalker’s account or data. The attacker can plot against the victim by uploading fabricated evidence or cause the victim to remotely execute code on their smartphone.
Applications have very serious security problems
Commenting on the research results, Štefanko said: “Our research should serve as a warning to future potential customers of stalker software to reconsider using the software against their spouses and loved ones, because it is both unethical and may expose their spouse’s private and intimate information. It can put them at risk of cyber attack and fraud. Because there may be a close relationship between the follower and the victim, the private information of the follower may also be exposed. During our research, we found that some tracker software uses the app to store information about followers and collects their victims’ data on a server even after the trackers request the data be deleted.
We discovered a total of 158 security and privacy issues in 58 of the Android apps that could have a serious impact on a victim. We found that even the tracker or app maker could be at risk. We have repeatedly reported these issues to affected manufacturers, following our 90-day coordinated disclosure policy. Unfortunately, to date, only six manufacturers have fixed the issues we’ve reported on their apps. Forty-four manufacturers have not responded, while seven have promised to fix their issues in an upcoming update, but have yet to release any patched updates. A vendor also decided not to fix the reported issues.”