The Federal Trade Commission is finally cracking down on stalkerware.
The developers of MobileSpy, PhoneSheriff, and TeenShield will soon be barred from selling their "stalking apps" until they make some significant changes.
What are stalking apps, and why is the FTC addressing them?
Right now, they could be running in the background of your devices without you even knowing. This could impact your personal safety or the security of confidential business dealings you have underway.
Retina-X Studios and its owner, James Johns, Jr., own three apps designed to monitor the mobile devices on which they are installed without the knowledge or permission of the device's user.
Check out these features from the MobileSpy page. These are things you can secretly do if you get this app onto someone's phone:
- View their text messages (even if they delete them)
- View their messages posted on social media
- View their contacts and get alerts on any new contacts added
- See the pictures they are taking
- Track the phone's location using its GPS and be notified at regular intervals about where the device is now
And the really scary part, especially for stalking and abuse victims, is that once you install the app you can make its thumbnail and logo disappear from the device.
In other words, even if someone thinks they are being tracked or monitored, they won't see anything unusual by scrolling through screens. The digital surveillance is virtually invisible to the user.
Now the FTC is shining a light on these types of apps:
"This is our first action against a so-called 'stalking app,'" said Andrew Smith, Director of the FTC's Bureau of Consumer Protection. "Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses. Under these circumstances, we will seek to hold app developers accountable for designing and marketing a dangerous product."
5 signs stalkerware might be running on your phone
While these stalking apps are known for living on your device without your knowledge, the FTC says there are some warning signs that your device may be infected with stalkerware. Let's take a look at these.
- An abuser has had physical access to your phone.
- An abuser continues to know specific information about you.
- Your phone's battery drains surprisingly fast.
- There are unexplained charges on your mobile bill.
- You have trouble when trying to turn off the phone.
Cybersecurity and privacy of stalkerware apps
In addition to allowing others to secretly track you and your phone, the FTC is also concerned because these apps collect an incredible amount of private data on you. That's information that could fall into the wrong hands more than once.
And the Federal Trade Commission claims Retina-X Studios is failing at cybersecurity:
"The company outsourced most of its product development and maintenance to third parties. The FTC alleges that Retina-X failed to adopt and implement reasonable information security policies and procedures, conduct security testing on its mobile apps, and conduct adequate oversight of its service providers."
And the company has apparently been breached before.
"The FTC alleges that a hacker was able to access the company's cloud storage account twice between February 2017 and 2018 and delete certain information. The hacker accessed data collected through the PhoneSheriff and TeenShield apps, including login usernames, encrypted login passwords, text messages, GPS locations, contacts, and photos.
The company and Johns did not learn about the first intrusion until April 2017 when they were contacted by a journalist, who was tipped off by the hacker.
Despite these failures, the legal policies for all three apps claimed that, 'Your private information is safe with us.'"
Stalkerware apps: what the FTC wants now
According to the FTC's action against the maker of MobileSpy, TeenShield, and PhoneSheriff, there are several things the company must do.
This includes requiring users to verify they are only using the applications to track their child's device or that of an adult who gave specific consent.
Also, the app thumbnail and logo must appear on the device on which the app is installed unless it is on the device of your child who is a minor.
And the FTC action requires that the company and its owner must implement and maintain a comprehensive information security program designed to protect the personal data they collect. And that there must be a third-party assessment of the security program every two years.
Is this enough to protect victims of stalking and abuse? That remains to be seen.
However, the FTC is clearly sending a message to makers of stalkerware: you are also being watched.
Check out the FTC case report here.