One Retina-X feature didn't make it into Family Orbit, as far as I can tell: the ability to hide itself on monitored devices.
This is less bad. It's explicitly designed for parents, which makes it a bit less likely to empower abusers.
It's still an awful idea to spy on your kids. If you trust RSPL to do it for you, that's a threat itself.
Retina-X Studios co-founder Zeeshan Alam ran Retina Software Private Limited, their India office that built all RXS apps and Family Orbit too.
I don't know who owns AppOBit LLC, Family Orbit's publisher in the US. They claim to be separate from Retina-X Studios and their app wasn't as creepy, so I left it alone at the time.
While digging through the Retina-X breach data, I saw their developers were also building an app called Family Orbit, but not under the Retina name.
Here's an example from the second Retina-X breach. PhoneSheriff uploaded this photo, taken while someone was testing Family Orbit's photo upload function in 2015. The IDE shows they also worked on Teenshield.
I hacked a spyware company again.
Here's why: After Retina-X Studios shut down their operations, I said this: "maybe they'll just resurface under another name, in which case I'll be watching."
Family Orbit has a lot in common with the Retina-X products I breached (twice). It has the same design patterns and it's developed by the same people.
RXS: "The perpetrators of these illegal acts have been motivated by their unfounded opposition to the private activities of parents and employers on devices they own and with the consent of users of the devices."
Your software is both technically and morally awful.
Technically: Your design choices left the intimate photos of thousands open to the entire internet. You had a password change API that would reset the password on any Net-Orbit account without checking the old one. (1/2)
Retina-X finally has something to say: http://retinax.com
If that goes down or changes, it's archived at https://web.archive.org/web/20180306072358/https://mypslogin.com/ps/panel/login.php
RXS is probably going to say something like this again: "Our child and employee monitoring software shows up as an icon and in the Installed Apps list on devices. There are also notifications to let the user of the device know that activities are being monitored."
Here's their install guide explaining how to turn that off.
Just for fun, here's the PhoneSheriff database SQL schema from the 2017 breach, before the entire thing was wiped. And no, they had no backups. They had to build a new DB from scratch.
Here's the 2018 edition of Retina-X Studios' breached (and wiped) cloud files: https://pastebin.com/UQqsDR5D
Starting to scratch the surface of Retina-X Studios breach data. These are the wiped Rackspace Cloud Files containers that held 1TB of captured photos and screenshots.
"A hacker known for SQL exploits of great magnitude", "wanted in the jurisdictions of several countries for his conduct relating to technological exploits"
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!