In a major victory in our campaign to stop stalkerware, the Federal Trade Commission (FTC) today banned the Android app company Support King and its CEO Scott Zuckerman, developers of SpyFone, from the surveillance business. The stalkerware app secretly “harvested and shared data on people’s physical movements, phone use and online activities through a hidden device hack,” according to the FTC. The app sold real-time access to surveillance, allowing stalkers and domestic abusers to track potential targets of their violence.
EFF applauds this decision by the FTC and the message it sends to those who facilitate by technical means the behavior of stalkers and domestic abusers. For too long, this nascent industry has been allowed to thrive as an underbelly to the much larger and more diverse app ecosystem. With the FTC now turning its focus to this industry, victims of stalkerware can begin to find solace in the fact that regulators are beginning to take their concerns seriously.
The FTC case against Support King is the first to outright ban a stalkerware company and comes two years after EFF and its Director of Cybersecurity Eva Galperin launched the Coalition Against Stalkerware to unite and mobilize security software companies and advocates for domestic abuse victims in actions to combat and shut down malicious stalkerware apps.
Stalkerware, a type of commercially-available surveillance software, is installed on phones without device users’ knowledge or consent to secretly spy on them. The apps track victims’ locations and allow abusers to read their text messages, monitor phone calls, see photos, videos, and web browsing, and much more. It’s being used all over the world to intimidate, harass, and harm victims, and is a favorite tool for stalkers and abusive spouses or ex-partners.
By using security vulnerabilities that may not yet be known to the public (known as zero-day exploits), stalkerware developers subvert the normal security mechanisms built into the mobile operating system and are able to deeply embed their malicious code into the device.
In a proposed settlement, the FTC bans Support King and Zuckerman from “offering, promoting, selling, or advertising any surveillance app, service, or business” and requires them “to delete any information illegally collected from their stalkerware apps.” The ban sets an important precedent for developers who would consider developing apps that spy on and invade the privacy of their victims. The proposal will be subject to public comment for 30 days after publication in the Federal Register, after which the FTC will decide whether to make the proposal final.
In 2019, EFF was one of the ten organizations that founded the Coalition Against Stalkerware, a group of security companies, non-profit organizations, and academic researchers that support survivors of domestic abuse by working together to address technology-enabled abuse and raise awareness about the threat posed by stalkerware. Its early achievements include an effort to create an industry-wide definition of stalkerware, encouraging research into the proliferation of stalkerware, and convincing anti-virus companies to detect and report the presence of stalkerware as malicious or unwanted programs.