On October 22, the Federal Trade Commission (FTC) announced it is prohibiting developers of three ‘stalking’ apps from selling apps that track mobile devices unless certain measures are taken to ensure these are used for legitimate reasons. The settlement against Retina-X Studios, LLC and its owner, James N. Johns, Jr., resolves claims of compromised privacy and security for devices with these apps.
The settlement requires the deletion of collected data from the stalking apps. It also prevents the promotion, sale, or distribution of any tracking or monitoring application that requires a user to bypass a device’s installed security features, without reasonable measures taken to ensure the app is used for legitimate purposes. The company must require purchasers to state they will only use the app to track their children or employees, or an adult that has given written consent.
The stalking apps in question are MobileSpy, PhoneSheriff and TeenShield. These apps accessed sensitive information about a smartphone’s activities, such as call history, text messages, photos, GPS locations, and browser history, without the knowledge or permission of the smartphone user being spied upon. These were originally marketed to monitor children and employees, but no measures were taken to ensure these apps were used for those purposes. The FTC also raised concern that these apps could be used in domestic violence cases to spy on a partner. Phones with these apps were also more vulnerable to other security issues. The settlement also claims that inadequate measures were taken to secure the collected data.
“Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses,” Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, said.
A hacker could access this sensitive information; in fact, this happened twice between February 2017 and 2018 to PhoneSheriff and TeenShield. The FTC claims that Retina-X and Johns broke the FTC’s unfair and deceptive practices rules and the Children’s Online Privacy Protection Act, which applies to information collected from children under 13 years old. The company sold more than 15,000 subscriptions before 2018, when it stopped selling these apps. On Retina-X’s website, there is a large notice informing visitors about the hack.
The settlement requires other precautions and safety measures to be taken before Retina-X is allowed to begin selling the apps again. The Commission voted 5-0 to proceed with the complaint and to accept the consent agreement. Each violation carries a civil penalty of up to $42,530.