Getty Images/iStockphoto

FTC drops the hammer on SpyFone for privacy violations

The FTC has decried SpyFone, a remote tracking app for mobile phones, as stalkerware and ordered it to notify all individuals who were tracked by the app.

The Federal Trade Commission issued a damning statement against phone tracking software vendor SpyFone, as well as an order that the company notify anyone who may have had the tracking tool covertly installed.

The FTC on Wednesday labeled SpyFone as "stalkerware" and accused the vendor of secretly enabling stalkers and domestic abusers to track the activity of their victims without permission. While the software advertises itself as a tool for parents and employers who want to keep tabs on others, critics note that the surveillance tools are often covertly installed by abusers in order to track and stalk their victims.

"The illegal secret surveillance provided by the apps made it easy for stalkers and abusers to monitor their potential targets and steal sensitive information about their physical movements, phone use, and online activities," the FTC said in its statement.

"For example, some of the products allowed a purchaser to see the device's live location and view the device user's emails and video chats." 

As a result, the FTC has banned SpyFone and its CEO Scott Zuckerman from selling or promoting any surveillance software or services. Under a proposed settlement with the FTC, the company will have to delete all of its collected data and notify anyone who had the software installed that their activity was being tracked.

In addition to its sales, the FTC says that SpyFone was also allowing people to be tracked by failing to provide proper security for the data it handled. The commission noted a 2018 data breach where a hacker managed to lift the tracking data of 2,200 customers, noting that SpyFone failed to follow up on its promises to improve its data security.

"The company's apps sold real-time access to their secret surveillance, allowing stalkers and domestic abusers to stealthily track the potential targets of their violence," the FTC said.

"SpyFone's lack of basic security also exposed device owners to hackers, identity thieves, and other cyber threats. In addition to imposing the surveillance-business ban, the FTC's order requires SpyFone to delete the illegally harvested information and notify device owners that the app had been secretly installed."

As is typical with these type of settlements, SpyFone did not formally agree to any wrongdoing, despite allowing the FTC to ban both the company and its CEO from doing any surveillance business.

Government agencies and security experts alike have warned that stalkerware apps like SpyFone pose enormous risks to users' privacy and the security of their devices.

"To install its software, SpyFone required purchasers who used the apps on Android devices to bypass many of the phone's restrictions. The stalkerware company also provided instructions on how to hide the app so that the device user was unaware the device was being monitored," said the FTC. "In order to use some functions, such as monitoring email, purchasers had to 'root' a phone on which the app is installed, which also could void warranties and expose the device to security risks."

Dig Deeper on Network security

Enterprise Desktop
Cloud Computing