The United States Federal Trade Commission on September 1 banned the company SpyFone from engaging in the surveillance business, following allegations that the “stalkerware” app company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a concealed hack of victims’ devices.
“The company’s apps sold real-time access to their secret surveillance, allowing stalkers and domestic abusers to stealthily track the potential targets of their violence. SpyFone’s lack of basic security also exposed device owners to hackers, identity thieves, and other cyber threats. In addition to imposing the surveillance-business ban, the FTC’s order requires SpyFone to delete the illegally harvested information and notify device owners that the app had been secretly installed,” the FTC said in a press release.
Stalkerware is a growing phenomenon around the world and can thrive in places with scant privacy laws. While many platform-based privacy concerns play out at a macro level, stalkerware allows motivated individuals to keep scarily close tabs on people. Unlike the European Union, the US does not have a data privacy law, but its action against the stalkerware business model could motivate similar action elsewhere.
According to security firm Kaspersky, India has the fourth-highest number of stalkerware incidents of any nation, with at least 4,627 cases identified; it is the most affected country in Asia per the firm’s estimates (quite possibly after China, which curiously doesn’t figure in the top ten).
FTC will seek “surveillance bans” in extreme cases
“SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information,” said Samuel Levine, Acting Director of the FTC Bureau of Consumer Protection. “The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security. This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security. We will be aggressive about seeking surveillance bans when companies and their executives egregiously invade our privacy.”
The FTC alleged that the app allowed purchasers to surreptitiously monitor photos, text messages, web histories, GPS locations, and other personal information of the phone on which the app was installed without the device owner’s knowledge.
How SpyFone works
To install its software, SpyFone required purchasers who used the apps on Android devices to bypass many of the phone’s restrictions. The stalkerware company also provided instructions on how to hide the app so that the device user was unaware the device was being monitored, the FTC alleged. To use some functions, such as monitoring email, purchasers had to “root” the phone on which the app was installed, removing the device’s factory restrictions.
Some of the products allowed a purchaser to see the device’s live location and view the device user’s emails and video chats.
- Data not kept secure: The FTC alleged that SpyFone did not put in place basic security measures despite promising that it took “reasonable precautions to safeguard” the information it illegally harvested. The stalkerware apps’ security deficiencies included not encrypting the personal information they stored, including photos and text messages; failing to ensure that only authorised users could access personal information; and transmitting purchasers’ passwords in plain text.
- Breach not investigated: Moreover, after a hacker accessed the company’s server and obtained personal data of about 2,200 consumers in August 2018, the company promised purchasers that it would work with an outside data security firm and law enforcement authorities to investigate the incident. The FTC, however, alleges that the company failed to follow through on this promise.
I cover the digital content ecosystem and telecom for MediaNama.
