Three notorious phone surveillance apps Cocospy, Spyic, and Spyzie spyware app have quietly gone offline following a major data breach that exposed the private data of millions. These nearly identical stalkerware apps, often installed without a victim’s knowledge, gave attackers unfettered access to sensitive data like messages, call logs, photos, and real-time location.
Designed to remain invisible on a device’s home screen, these apps have long enabled secret phone monitoring under the guise of parental control tools. However, their true use has often veered into illegal territory—spying on spouses or partners without consent.
Massive Security Flaw Exposed the Operation’s Scale
Earlier this year, a security researcher revealed that all three apps shared the same serious vulnerability. This flaw allowed anyone to access user data across all devices with the spyware installed. Even more alarming, it also exposed the email addresses of every person who signed up to use the apps—roughly 3.2 million in total.
These leaked email addresses were then submitted to Have I Been Pwned, a site that alerts users if their information has been compromised in a data breach.
Following public reporting on the issue, the apps suddenly stopped functioning. Their websites vanished, and their cloud servers—hosted on Amazon—were taken down. As of now, none of the apps appear operational, and attempts to contact the operators have failed.
Why Stalkerware Shutdowns Keep Happening
While it’s unclear whether legal pressure or panic caused the shutdown, it’s a familiar pattern. Surveillance app developers often vanish after public exposure or hacks. LetMeSpy, a Polish spyware service, permanently shut down in August 2023 after a data breach erased its servers. U.S.-based pcTattletale closed in May 2024 after a hack and defacement took down its website.
Since 2017, at least 25 stalkerware apps have suffered data breaches, with over 10—including Cocospy—shutting down afterward. The trend highlights the fragile, often unethical infrastructure behind these operations, which typically rely on insecure coding and poor security hygiene.
Despite being marketed as child safety or employee tracking tools, stalkerware is illegal when used without consent. These apps are banned from app stores and prohibited from running ads on search engines. Hosting providers like Amazon also prohibit surveillance operations from storing user data on their platforms—though enforcement often lags behind exposure.
How to Check if Your Phone Is Infected
Even though Cocospy, Spyic, and Spyzie have gone offline, individuals who may have been targeted should still check their devices.
To detect these hidden apps on Android phones, dial ✱✱001✱✱ and press the call button. This code will reveal the app if it’s installed. If found, it will show up under the name “System Service.” You can then delete it like any other app.
With the rise of digital stalking and spyware use in intimate partner abuse, knowing how to identify and remove these hidden threats has become more critical than ever.
