Hacker News | moooooky's comments

"A short time after TechCrunch contacted Zuckerman for comment, SpyTrac’s website went offline with a message saying the “product is temporarily not available.” The websites for SpyTrac’s clone stalkerware apps, StealthX Pro and its Spanish-language clone Espía Móvil, also went offline. Aztec Labs’ website also stopped loading.

After TechCrunch published this piece, Support King’s website also went offline."


"Because each message recorded in the data contained every phone number in the same chat, it was possible to follow entire conversations, including from children who were using the JusTalk Kids app to chat with their parents."


I'd love to see a culture of pentest results being more standardized and widely published for apps to help inform consumers.


The author of the paper, cited in the report, said, "Any person with a little knowledge of cellular paging protocols can carry out this attack... such as phone call interception, location tracking, or targeted phishing attacks."


"Until now, nobody has been able to look inside at how one of these scams work -- especially one that's been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance.

Shershnyov was able to stay in Amazon's shadows for two years by using his scam server conservatively so as to not raise any red flags.

What eventually gave him away weren't customer complaints or even getting caught by the bookseller. It was good old-fashioned carelessness. He forgot to put a password on his server."

