The settlement prohibits the company and Zuckerman from monitoring, and requires the deletion of the data collected. It also requires notification of surveillance to victims.
This case is an important reminder that surveillance companies pose a significant threat to our safety and security, said Samuel Levine, Deputy Director of the FTC Office of Consumer Protection.
The FTC will be more aggressive in banning companies and executives who blatantly intrude on our privacy, he added - signaling an escalation of service repression. stalkerware from the service, which began with a lawsuit against developers of similar tools from 2019.
Although the applications stalkerware often seemingly circulating as a way of watching children or employees, their capabilities and hidden nature have made them a very popular tool. These applications have grown over the years and can have devastating consequences for victims.
The FTC Commissioners voted unanimously in favor of the settlement, for which they will make the final decision 30 days after a public comment period.
However, Commissioner Rohit Chopra issued a separate statement arguing that the FTC's action is not enough. Victims also deserve some financial compensation, and law enforcement should consider these companies for prosecution.
The application SpyFone allowed customers to covertly monitor its victims' devices, as a subscription service, the FTC complaint claims, with prices starting at $ 99,95 a year. The "Extreme" version of the app could also take photos remotely, record audio through the device's microphone, record calls, and force the device to vibrate or ring on command, according to the complaint copy.
The installation of the application required bypassing security measures and in some cases rooting the phone, which could make the device more vulnerable to other risks, the FTC said.
But the company said it did not allow its customers to spy on the victims.
In 2018, a researcher discovered terabytes of data from the application SpyFone (photos, audio, text, browsing history and location information) on the internet in an incorrectly configured Amazon S3 bucket, Motherboard reported.
In a report released by ESET earlier this year, the company's researchers found more than 150 security issues in 58 Android applications stalkerware. They also noticed almost five times more Android stalkerware in 2019 compared to 2018 (and 48 percent more of them were identified between 2019 and 2020).
The company and Zuckerman neither admit nor deny the allegations in the proposed consent order.
However, the company should immediately delete all the data it has collected, as well as seek to inform both its customers and their victims about the action of the application. Of course the first condition of the settlement is to stop the development of the application.