FTC bans spyware company SpyFone and its CEO from the surveillance industry

It will also have to inform people if its apps were secretly installed on their phones.

Sponsored Links

Skull of death symbol on the screen of smartphone on laptop computer. There is data flowing background. Selective focus on screen of the phone.
Ali Kerem Yücel via Getty Images

The Federal Trade Commission has banned spyware maker SpyFone and its CEO Scott Zuckerman from operating in the surveillance industry. The company has also been ordered to delete the data it allegedly illegally obtained and to inform targets of the stalkerware apps that the software had been covertly installed on their Android devices.

The FTC claims SpyFone "secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack." It says SpyFone sold real-time access to that information, which could have enabled domestic abusers and stalkers to track their targets. Some of those who bought the spyware were allegedly able to see live locations of devices and view targets' emails, photos, web browsing history, text messages and video calls.

The agency says SpyFone gave its customers instructions on how to install the app secretly and ensure the device user was unaware their activity was being monitored. The spyware had to gain root access to devices for some functions, which the FTC said "could expose the device to security risks."

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

What's more, SpyFone allegedly didn't secure the data it harvested. The FTC contends that the company didn't have basic security measures in place. "The stalkerware apps’ security deficiencies include not encrypting personal information it stored, including photos and text messages; failing to ensure that only authorized users could access personal information; and transmitting purchasers’ passwords in plain text," the agency said. That enabled a hacked to obtain personal data of around 2,200 people in 2018, according to the FTC.

Commissioners voted unanimously to ban SpyFone and Zuckerman from the surveillance industry. Specifically, the company and its CEO are prohibited from "offering, promoting, selling or advertising any surveillance app, service or business."

In 2019, the FTC banned Retina-X Studios from promoting and selling spyware apps unless it was able to prove the services were only being used for legitimate purchases. This time around, the agency is letting the public comment on the SpyFone and Zuckerman decision.

Commissioner Rohit Chopra said in a statement that the FTC action doesn't absolve SpyFone and Zuckerman from any criminal liability. "While this action was worthwhile, I am concerned that the FTC will be unable to meaningfully crack down on the underworld of stalking apps using our civil enforcement authorities," Chopra wrote. "I hope that federal and state enforcers examine the applicability of criminal laws, including the Computer Fraud and Abuse Act, the Wiretap Act and other criminal laws, to combat illegal surveillance, including the use of stalkerware."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget