The United States Federal Trade Commission banned SpyFone from engaging in the surveillance business on September 1, after it was alleged that the app company “stalkerware” was stealing data about people’s physical movements, phone usage, and online activities through a covert hack from the victims’ devices collected and passed on.
“The company’s apps sold real-time access to their secret surveillance, allowing stalkers and domestic molesters to clandestinely pursue the potential targets of their violence. SpyFone’s lack of basic security also exposed device owners to hackers, identity thieves, and other cyber threats. In addition to banning the surveillance business, the FTC order requires SpyFone to delete the illegally collected information and notify device owners that the app was stealthily installed, ”the FTC said in a Press release.
Stalkerware is a growing phenomenon around the world and can thrive in places with sparse privacy laws. While many platform-based privacy concerns are largely macro-level, stalkerware enables motivated individuals to keep an eye on people with terrifying scrutiny. The US has no data protection law (like the European Union), but its crackdown on the stalkerware business model could encourage similar action elsewhere.
According to security firm Kaspersky, India is the country with the fourth highest incidence of stalkerware incidents with at least 4,627 cases identified; it is the hardest hit country in Asia, according to the company’s estimates (perhaps after China, which, oddly enough, is not in the top ten).
In extreme cases, FTC will apply for “surveillance bans”
“SpyFone is a bold brand name for a surveillance company that helped stalkers steal private information,” said Samuel Levine, acting director of the FTC Bureau of Consumer Protection. “The stalkerware was hidden from device owners, but was completely exposed to hackers who took advantage of the company’s sloppy security measures. This case is an important reminder that surveillance-based organizations pose a significant threat to our security. We will act aggressively against surveillance bans when companies and their executives are intruding on our privacy. “
The FTC claimed that the app allowed buyers to secretly monitor photos, text messages, web histories, GPS locations, and other personal information on the phone on which the app was installed without the device owner’s knowledge.
This is how SpyFone works
In order to install the software, SpyFone required buyers using the apps on Android devices to bypass many of the phone’s limitations. The stalkerware company also provided instructions on how to hide the app so the device user wouldn’t know the device was being monitored, the FTC claimed. To take advantage of some features, such as email monitoring, buyers had to “root” a phone that had the app installed, which removed the factory restrictions on a device.
Some of the products enabled a shopper to see the live location of the device and view the device user’s emails and video chats.
- Data not safely stored: The FTC alleged that SpyFone had failed to take basic security measures, despite promising to take “reasonable precautions” to protect information illegally collected. The security flaws of the Stalkerware apps include the failure to encrypt stored personal information, including photos and text messages; There is no guarantee that only authorized users can access personal data and that the buyers’ passwords are transmitted in clear text.
- Violation not investigated: Additionally, after a hacker accessed the company’s server in August 2018 and obtained personal information from approximately 2,200 consumers, the company promised buyers to work with an outside data security firm and law enforcement agencies to investigate the incident. However, the FTC claims the company failed to deliver on that promise.
Do you have anything to add? Post your comment and give someone a MediaNama as a gift subscription.