Privacy & Information Security Law Blog

On September 1, 2021, the Federal Trade Commission banned Support King, LLC, the operator of SpyFone.com (“SpyFone”), and its CEO, Scott Zuckerman, from offering, promoting, selling or advertising any surveillance app, service or business. The FTC alleged SpyFone allowed purchasers to illegally surveil other individuals by surreptitiously monitoring a device user’s activity without the device user’s knowledge. The FTC also alleged that SpyFone failed to safeguard such illegally harvested personal information by failing to put in place basic security measures.

SpyFone markets its app as a tool to watch over one’s family or loved ones. Once installed on a device, the purchaser of the app gains access to the device user’s online activity, photos, text messages, GPS location and other personal information. The FTC alleged that SpyFone provides instructions on how to hide the app so that the device user remains unaware of the surveillance, making it easier for stalkers and domestic abusers to monitor their potential targets in real-time. Installation of the app on Android devices requires bypassing many of the phone’s restrictions, and certain monitoring functions, such as email monitoring, require purchasers to “root” the device, which could expose the device to other security risks. The FTC also alleged that SpyFone failed to keep the illegally collected information secure, including by failing to encrypt the data. In August 2018, a hacker was able to access SpyFone’s server and obtain the personal information of about 2,200 individuals. Following the incident, SpyFone promised to investigate and upgrade its security, but the FTC alleged that it failed to follow through on its promise.

This is the second case the FTC has brought against stalkerware apps but the first time the Commission has issued a market ban. The Commission’s proposed settlement also requires SpyFone to (1) notify device users on which SpyFone’s apps were installed that they may have been monitored and their devices may not be secure; and (2) delete any information illegally collected by the app.