
This story has been updated with statements, corrections and explanations from an AWS spokesperson.
Amazon is facing criticism for hosting data from Cocospy, Spyic, and Spyzie apps weeks after being alerted to the issue, as the companies behind the spyware continue to upload sensitive phone data of a collective 3.1 million people to Amazon Web Services (AWS) servers.
TechCrunch notified Amazon of the stalkerware-hosted data on February 20, providing specific storage bucket information where the data stolen from victims’ phones was being stored.
AWS responded by thanking TechCrunch for the report and provided a link to its abuse report form, but as of mid-March, no decisive action has been taken to disable the hosting servers.
In response to this statement, Ryan, the AWS spokesperson, said, "AWS responded by requesting specific technical evidence through its abuse reporting form to investigate the claims. TechCrunch declined to provide this evidence or submit an abuse report."
Cocospy, Spyic, and Spyzie are Android apps that share identical source code and a known security flaw that’s relatively easy to exploit, and they are designed to collect phone data secretly. The flaw lies in the poorly secured servers used by these apps, which allow external access to exfiltrated data.
The servers used by the apps hinted at Chinese origins and stored data on a mix of Cloudflare and AWS infrastructure.
The Spyzie app was similarly uploading stolen data to its own Amazon bucket, and TechCrunch alerted Amazon about it on March 10.
Amazon states that AWS enforces strict acceptable use policies and responds to reports of misuse. However, the company's procedural response has drawn criticism for delaying action on hosting stolen data.
To this, Ryan clarified that AWS promptly responded and made multiple requests for the technical data needed to investigate, which were declined by TechCrunch. He further added, "AWS's request to submit the findings through its publicly available abuse reporting channel was questioned by the outlet, which declined to provide the requested technical data."
Stalkerware continues to thrive through direct downloads even though it is banned from official app stores, such as Google Play and Apple's App Store. While some vendors claim the apps are for legal purposes, their capabilities are often abused in ways that violate privacy laws.
Ryan concluded by adding, "We kindly request that you include our statement in full:
If anyone suspects that AWS resources are being used for abusive activity, they can report it to AWS Trust & Safety using the report abuse form at: https://support.aws.amazon.com/#/contacts/report-abuse. Find related information on our website regarding how to report abuse of AWS resources as well as answers to frequently asked questions."
TechNadu believes in free press and in reporting accurate information, presenting both sides of the story without any bias and being neutral.