The US Federal Trade Commission (FTC) has ordered the developer of the SpyFone spyware app to delete all data that has been collected.
On September 1, the data watchdog said that SpyFone, together with the company’s chief executive Scott Zuckerman, are now also banned from the surveillance business and they must delete any information illegally harvested — as well as attempt to notify its victims.
“The stalkerware app company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack,” the FTC says. “The company’s apps sold real-time access to their secret surveillance, allowing stalkers and domestic abusers to stealthily track the potential targets of their violence.”
Spyware, also sometimes described as stalkerware, is usually installed through access to a mobile phone and is able to track a user’s conversations, contacts, emails, harvest GPS location data, and monitor social media, among other functions. Spyware is often marketed as software for monitoring children and employees but may be turned to purposes including spying on partners and family members without their consent.
The FTC alleges (.PDF) that Puerto Rico-based Spyfone, now doing business as Support King, LLC, sold stalkerware that allowed customers to monitor individuals “without the device owner’s knowledge.” Furthermore, the agency claims that Spyfone also “provided instructions on how to hide the app so that the device user was unaware the device was being monitored.”
Spyfone and Zuckerman have also been accused of failing to meet basic security standards in protecting the information illegally collected by the apps. In 2018, an unsecured, online server reportedly leaked terabytes of data harvested from Spyfone-infected mobile devices.
The exposed information has been added to the Have I Been Pwned search engine.
“The company promised purchasers that it would work with an outside data security firm and law enforcement authorities to investigate the incident,” US regulators say. “The FTC, however, alleges that the company failed to follow through on this promise.”
Support King and Zuckerman are now banned from “offering, promoting, selling, or advertising any surveillance app, service, or business.” The FTC says that this is the first ban of its kind against a spyware app.
“The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security,” commented Samuel Levine, Acting Director of the FTC’s Bureau of Consumer Protection. “We will be aggressive about seeking surveillance bans when companies and their executives egregiously invade our privacy.”
In a separate statement (.PDF), Commissioner Rohit Chopra said, “the FTC’s proposed order in no way releases or absolves Support King or Scott Zuckerman of any potential criminal liability.”
ZDNet has reached out to Support King for additional comment and we will update when we hear back.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0