The has banned maker SpyFone and its CEO Scott Zuckerman from operating in the surveillance industry. The company has also been ordered to delete the data it allegedly illegally obtained and to inform targets of the stalkerware apps that the software had been covertly installed on their Android devices.
The FTC SpyFone "secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack." It says SpyFone sold real-time access to that information, which could have enabled domestic abusers and stalkers to track their targets. Some of those who bought the spyware were allegedly able to see live locations of devices and view targets' emails, photos, web browsing history, text messages and video calls.
The agency says SpyFone gave its customers instructions on how to install the app secretly and ensure the device user was unaware their activity was being monitored. The spyware had to gain root access to devices for some functions, which the FTC said "could expose the device to security risks."
What's more, SpyFone allegedly didn't secure the data it harvested. The FTC contends that the company didn't have basic security measures in place. "The stalkerware apps’ security deficiencies include not encrypting personal information it stored, including photos and text messages; failing to ensure that only authorized users could access personal information; and transmitting purchasers’ passwords in plain text," the agency said. That enabled a hacked to obtain personal data of around 2,200 people in 2018, according to the FTC.
Commissioners voted unanimously to ban SpyFone and Zuckerman from the surveillance industry. Specifically, the company and its CEO are prohibited from "offering, promoting, selling or advertising any surveillance app, service or business."
In 2019, the FTC from promoting and selling spyware apps unless it was able to prove the services were only being used for legitimate purchases. This time around, the agency is letting the public comment on the SpyFone and Zuckerman decision.
Commissioner Rohit Chopra said in a statement that the FTC action doesn't absolve SpyFone and Zuckerman from any criminal liability. "While this action was worthwhile, I am concerned that the FTC will be unable to meaningfully crack down on the underworld of stalking apps using our civil enforcement authorities," Chopra wrote. "I hope that federal and state enforcers examine the applicability of criminal laws, including the Computer Fraud and Abuse Act, the Wiretap Act and other criminal laws, to combat illegal surveillance, including the use of stalkerware."