FTC Bans Stalkerware App in Industry First

The Federal Trade Commission (FTC) has issued its first-ever ban on a stalkerware app and its CEO, in what could be the start of a crackdown on this category of controversial surveillance software.

The FTC kicked SpyFone and CEO Scott Zuckerman out of the surveillance business due to concerns that the app “secretly harvested and shared data on people’s physical movements, phone use and online activities through a hidden device hack.” That's basically the definition of stalkerware.

A second complaint was that the app required purchasers to “root” the Android devices they were looking to eavesdrop on, potentially voiding warranties and exposing them to security threats.

“The stalkerware app company not only illegally harvested and shared people’s private information, it also failed to keep it secure. The FTC alleges that SpyFone did not put in place basic security measures despite promising that it took ‘reasonable precautions to safeguard’ the information it illegally harvested,” the FTC notice continued.

“The stalkerware apps’ security deficiencies include not encrypting personal information it stored, including photos and text messages; failing to ensure that only authorized users could access personal information; and transmitting purchasers’ passwords in plain text.”

Moreover, in August 2018, a hacker managed to obtain data on 2200 consumers by accessing the company’s server. The FTC claimed that SpyFone failed to investigate the incident as it had promised.

Stalkerware operates in a kind of grey market, with software such as the Monitor Minor tool often marketed by nefarious developers as a legitimate way of monitoring teens and children. In reality, however, it is used by stalkers, domestic abusers and violent ex-partners to threaten and intimidate victims.

The FTC’s action this week could signal a new regulatory zeal in cracking down on the category.

Although Russia and Brazil are the top two countries for stalkerware, the US is in third place, according to Kaspersky data. The number of users is also on the rise in the UK.

As well as banning Support King, which did business as SpyFone, and CEO Scott Zuckerman, from selling surveillance software, the FTC will require them to delete any information illegally collected from their stalkerware apps and notify victims.
