- The Federal Trade Commission (“FTC”) reached a settlement with stalkerware app company Support King, LLC d/b/a SpyFone.com and its CEO (collectively “SpyFone”) to resolve allegations that it secretly harvested and shared smartphone owners’ physical location data and information about their phone use and other online activities, and that it exposed smartphones to hacker attacks in violation of the FTC Act.
- The complaint alleged that SpyFone’s apps provided real-time access to the data of smartphone owners through a hidden device hack that allowed others, including stalkers and domestic abusers, to track the smartphones on which the apps were installed. In addition, SpyFone’s lax security measures, including storing sensitive information without encryption, exposed consumers to hackers and other cyber threats, including through a 2018 breach of SpyFone’s servers in which the personal information of 2,200 consumers was accessed and stolen.
- Under the terms of the proposed consent order, SpyFone will disable its stalkerware apps and destroy all personal information collected through these apps. SpyFone will also post conspicuous notices on its websites informing consumers of the FTC’s allegations against SpyFone and will send on-screen notifications to smartphones on which its apps were activated to apprise the owner of the smartphone that it may have been monitored. SpyFone will also implement an information security program documented in writing and subject to a third-party independent assessor. The agreement further bars SpyFone from offering monitoring products or services or being involved in businesses that offer such products or services.