Stalkerware App SpyFone banned by FTC
The U.S. Federal Trade Commission announced banning SpyFone, a stalkerware app company. There were concerns that the entity was engaged in stealthily harvesting and sharing information regarding people’s movements, phone usage, and online actions to facilitate stalkers to keep an eye on the potential targets.
Samuel Levine, acting director of the FTC’s Bureau of Consumer Protection stated that SpyFone is a surveillance business that aids stalkers in stealing people’s private information. According to him, the stalkerware was not known to the device owners, but hackers had access to it. He added that this points to the fact that surveillance-based businesses impose risks to the safety and security of the people.
FTC ordered SpyFone to immediately delete the illegally obtained information and also inform the device owners of the secret installation of the app on their phones.
The app company claims to be the world’s Leading Spy Phone App and boasts of five million installations. But SpyFone was involved in enabling purchasers to secretly track photos, messages, emails, browsing histories, GPS locations, and other information in the devices. The apps were well equipped with features that allow the disappearing of its icon from the device’s home screen so that the victim doesn’t know that he is being monitored.
Moreover, the company failed to implement adequate protections to save data, leaving the information unencrypted. This was in addition to revealing the data without any authentication over the internet, along with transforming purchasers’ passwords in plaintext. It is also worthy to note that SpyFone suffered a data breach in 2018 when a threat actor accessed their Amazon S3 bucket, which was weakly protected. He then obtained the personal information of around 2,200 consumers.
The development is another move from FTC after banning Retina-X from selling stalkerware apps, which were used to keep an eye on employees and children. These were installed on the target devices by circumventing smartphone manufacturer restrictions without them knowing. This led to exposing the devices’ vulnerabilities.