The US Federal Trade Commission on Wednesday announced a proposed settlement with Support King, the company behind the stalkerware app for Android devices, SpyFone and CEO Scott Zuckerman.
The settlement prohibits the company and Zuckerman from monitoring, and requires the deletion of the data collected. It also requires notification of surveillance to victims.
This case is an important reminder that surveillance companies pose a significant threat to our safety and security, said Samuel Levine, Deputy Director of the FTC Office of Consumer Protection.
The FTC will be more aggressive in banning companies and executives who blatantly intrude on our privacy, the agency added - signaling an escalation of the service's crackdown on stalkerware, which began in a lawsuit against developers of similar tools in 2019.
Although stalkerware applications often appear's as a way of tracking children or employees, their capabilities and hidden nature have made them a very popular tool. These applications have grown over the years and can have devastating consequences for victims.
The FTC Commissioners voted unanimously in favor of the settlement, for which they will make the final decision 30 days after a public comment period.
However, Commissioner Rohit Chopra issued a separate statement arguing that the FTC's action is not enough. Victims also deserve some financial compensation, and law enforcement should consider these companies for prosecution.
The SpyFone app has allowed customers to secretly monitor its victims' devices as a subscription service, according to the FTC complaint, with prices starting at $ 99,95 a year. The "Extreme" version of the app could also take photos remotely, record audio through the device's microphone, record calls, and force the device to vibrate or ring on command, according to the complaint.
The installation of the application required bypassing security measures and in some cases rooting the phone, which could make the device more vulnerable to other risks, the FTC said.
But the company said it did not allow its customers to spy on the victims.
In 2018, a researcher discovered terabytes of data from the SpyFone application (photos, audio, text, browsing history and location information) on the Internet inside an incorrectly configured Amazon S3 bucket, Motherboard reported.
In a report released by ESET earlier this year, the company's researchers found more than 150 security issues in 58 Android stalkerware applications. They also noticed almost five times more Android stalkerware in 2019 compared to 2018 (and 48 percent more of them were detected between 2019 and 2020).
The company and Zuckerman neither admit nor deny the allegations in the proposed consent order.
However, the company should immediately delete all the data it has collected, as well as seek to inform both its customers and their victims about the action of the application. Of course the first condition of the settlement is to stop the development of the application.