5 Android Apps That Were Caught Spying

In this day and age, privacy seems to be about as mythical as unicorns. We can't help but wonder, how many more popular applications are out there, pulling the wool over our unsuspecting eyes.
Listen to this story

Recently, an Android app called iRecorder – Screen Recorder was busted spying on Android phones. The sneaky little app not only recorded the screen like it was supposed to, but it also had a secret side gig as an audio spy, sending your confidential conversations to a developer’s server like it was the latest gossip.

But wait, there’s more! This app wasn’t just a one-time offender, oh no. It had been lurking in the shadows of the Google Play Store since September 2021, amassing a staggering 50,000 downloads. Apparently, its creator had a knack for multi-tasking, as they managed to master the art of screen recording while moonlighting as a shady server’s courier for your intimate conversations.

In this day and age, privacy seems to be about as mythical as unicorns. We can’t help but wonder, how many more popular applications are out there, pulling the wool over our unsuspecting eyes. Will we ever regain our privacy, or is it doomed to become an endangered species in the digital jungle?


CamScanner is a popular mobile application used for scanning documents using a smartphone camera. It allows users to convert images into PDF or JPEG files and offers additional features such as OCR (optical character recognition) for extracting text from scanned documents. However, the application is touted to be a safety hazard. 

Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files. This kind of app can seriously damage the users’ phones and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.

The application was among the first tranche of Chinese apps to be banned by India in June 2020 over concerns about national security. 


Facebook is widely regarded as the worst app for compromising personal information, according to experts. Its data collection practices are extensive and often more invasive than those of Google. Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, asserts that if you had to choose one app to delete for data protection, it should be Facebook.

In a recent development, the European Union imposed a record-breaking $1.3 billion privacy fine on Meta (formerly Facebook) and mandated the cessation of user data transfers across the Atlantic by October. This decision is the latest development in a long-standing case fueled by concerns about U.S. cybersnooping. The fine of 1.2 billion euros exceeds the previous highest penalty under the EU’s stringent data privacy regulations, which was Amazon’s 746 million euro fine in 2021 for data protection breaches.


The news is, even your beloved app, WhatsApp, isn’t entirely secure. In the past year, WhatsApp inadvertently released a “critical” vulnerability that has since been patched in newer versions of the app. However, older installations that haven’t been updated could still be susceptible. This information was disclosed in a September update on WhatsApp’s security advisory page and came to light on September 23rd.

This critical bug essentially allows attackers to take advantage of an integer overflow code error. By exploiting this vulnerability, attackers can execute their own code on a victim’s smartphone after initiating a specially crafted video call. Exploiting remote code execution vulnerabilities is a crucial step for installing malware, spyware, or other malicious applications on a target system. Essentially, it serves as a gateway for attackers to compromise the victim’s device further using techniques like privilege escalation attacks.

Flashlight Apps

According to numerous experts, free flashlight apps pose significant cybersecurity risks. Although these apps are available at no cost and are ad-supported, they often request permissions that seem necessary for their functionality, such as audio recording and access to contact information. However, when users install these apps, they unknowingly expose their personal data to app developers who monetize it by selling it to advertisers.

Zombie Mod

The infamous game has gained notoriety for its audacious endeavour to acquire an extensive range of personal data from users’ Google accounts, encompassing Gmail usernames and passwords. Furthermore, it shamelessly sought to generate profits through intrusive advertisements, which, in certain instances, resulted in device malfunctions, leaving users with no choice but to reset their devices and begin anew.

According to reports, this particular game has had a detrimental impact on over 50,000 Android users and is part of a group of modified games that share a common underlying code structure.

Download our Mobile App

Subscribe to our newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day.
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Our Recent Stories

Our Upcoming Events

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox