Kids' Photos and Locations Leaked by Family Snooping App Spyfone

Protect your child's data

Spyfone is an app designed for parents to spy on their kids’ phones. It claims on its website to be the world’s number one parental monitoring software.

And it apparently has very little regard for the data that it stores about the kids who are being spied on.

A researcher located an Amazon S3 bucket -- a form of online storage -- with no security at all. The bucket contained selfies, text messages, location data, and audio files from the phones of people whose devices are being watched by Spyfone.

It’s logical to assume that most of the people affected by this leak would have no idea that their data was being snooped on in the first place, making it extremely alarming.

Motherboard was able to check that the breach existed by signing up for Spyfone and taking photos. Shortly afterwards, the researcher, who wanted to remain anonymous, was able to retrieve the photos from the open Amazon S3 bucket and send them back.

Spyfone Data Laid Bare

The enormous Spyfone cache appears to contain thousands of unencrypted photos from the phones of more than 2,000 devices running Spyfone on iOS or Android.

Files available in the bucket also include more than 44,000 email addresses. These aren’t just email addresses from user accounts; they seem to also include people who the spied-on phones had contact with.

Unbelievably, it doesn’t stop there. Spyfone allegedly has absolutely no security on its back-end systems. Motherboard’s researchers were able to create their own accounts and find lists of users by altering URLs.

This situation proves the risk of using any monitoring software on a family member’s device. In some cases, the users who installed Spyfone would be concerned, privacy-conscious parents who felt that, for whatever reason, they needed to keep an eye on what their kids were up to on their phones. But software like this can also be used to spy on adults: ex-partners, employees, victims of abuse.

Should You Spy On Your Kids?

Even if you believe that so-called personal or consumer spyware like Spyfone is necessary and ethical, this data breach makes it very difficult to defend its use in the real world.

The fact that a company can collect so much data -- much of it extremely sensitive -- and then place it on a publicly-accessible service is almost unbelievable, particularly since Spyfone is a paid service -- and not a cheap one at that.


If Spyfone has been so sloppy as to allow this data to build up in an unprotected S3 storage instance, one has to wonder whether they put any effort at all into protecting their customers against hackers.

Protecting Your Child’s Data

Giving your children electronic devices is risky. From connected toys to rogue apps, there is always a chance that their data won’t be protected with the rigor you’d expect.

Any device that your child owns should have location services turned off. And parents should be wary of well-intentioned GPS tracking devices that often have a very lax approach to storing location data.

When it comes to the use of a phone, spyware is a controversial tool at the best of times, but this incredible cache of unsecured data proves that you may not be the only person spying on your kids.

Award winning antivirus protection from TotalAV. Stay 100% safe from malware and online threats.

Security & Privacy

NHS & Amazon Alexa Join Forces, Security Experts Divided
Following the NHS’ partnership with Amazon’s Alexa, querying health concerns may have just become even more efficient, or is this a chance for Amazon to know more personal information?
15 July 2019

Security & Privacy

Can Digital Wi-Fi Baby Monitors Get Hacked?
If your baby monitor is used over the internet or sends data to a remote location like the cloud or a home server, it could potentially be exploited by a cyber criminal prowling the web for vulnerable devices
15 July 2019

Industry Latest

Samsung Smart TV Virus Scan Tweet Raises Concerns
Samsung ruffle some feathers after encouraging customers to scan their smart TVs for viruses
26 June 2019