FTC bans spyware app SpyFone, orders it to delete illegally harvested data
On Wednesday, the Federal Trade Commission announced it had banned spyware maker SpyFone and its CEO Scott Zuckerman from the surveillance business. The commission called SpyFone a “stalkerware app company” that allegedly harvested and shared data about people’s movements, phone use, and online activity via a hidden device hack.
“The company’s apps sold real-time access to their secret surveillance, allowing stalkers and domestic abusers to stealthily track the potential targets of their violence,” the FTC said in a statement. “SpyFone’s lack of basic security also exposed device owners to hackers, identity thieves, and other cyber threats.”
In addition to the ban, the FTC ordered SpyFone to delete illegally harvested data and notify device owners when the app had been installed without their knowledge.
“We must be clear eyed about the variety of threats that surveillance businesses pose,” FTC chair Lina Khan said in a statement. “The FTC will be vigilant in its data security and privacy enforcement and will seek to vigorously protect the public from these dangers.”
Stalkwerware apps, which are banned by app stores, can be used to track a user’s movements and online activities without their knowledge, sometimes marketed as ways to for “catching a cheating spouse” or, more subtly, to keep tabs on employees or children, according to the Electronic Frontier Foundation (EFF). Such apps can be used to perpetuate harassment and abuse, according to the Coalition Against Stalkerware.
SpyFone ran at a phone’s root level for several of its functions, the FTC said, including monitoring email and video chats.
The app and its CEO are banned from “offering, promoting, selling, or advertising any surveillance app, service, or business,” according to the FTC.
The EFF praised the FTC’s order. “With the FTC now turning its focus to this industry, victims of stalkerware can begin to find solace in the fact that regulators are beginning to take their concerns seriously,” the foundation’s leadership wrote in a blog post.
The FTC board voted 5-0 to accept the consent order with the company. SpyFone, which is now doing business as Support King, did not admit or deny the FTC’s allegations, according to the consent order agreement (pdf). Commissioner Rohit Chopra issued a separate statement, saying the proposed order “in no way releases or absolves” the company or the CEO from potential criminal liability
“While this action was worthwhile, I am concerned that the FTC will be unable to meaningfully crack down on the underworld of stalking apps using our civil enforcement authorities,” Chopra wrote. “I hope that federal and state enforcers examine the applicability of criminal laws, including the Computer Fraud and Abuse Act, the Wiretap Act, and other criminal laws, to combat illegal surveillance, including the use of stalkerware.”