
The Federal Trade Commission voted unanimously Tuesday to approve a proposed settlement to bar developers of three stalking apps from selling apps that monitor consumers’ mobile devices unless they can guarantee the apps will be used only for legitimate purposes.

The proposed settlement requires Retina-X Studios LLC and its owner, James N. Johns Jr., to delete the data already collected. It alleges that Retina-X and Johns failed to get users’ permission to monitor their devices and violated the Children’s Online Privacy Protection Act.

The apps are MobileSpy, marketed as a tool to keep tabs on employees and children; and PhoneSheriff and TeenShield, marketed as a means of monitoring devices used by children. The three apps had more than 15,000 subscribers before the company stopped selling them in 2018.

The apps can monitor such things as call logs, text messages and chat messages.

“Consumer surveillance technology has evolved rapidly in recent years and the very purpose of surveillance activity has changed dramatically,” Kaspersky Labs said in a blog post earlier this month.

“While parental control apps aim to restrict access to risky and inappropriate content and persistently notify a user about its requests, stalkerware is about providing the abuser with surveillance to spy on a victim, without the consent of an individual.”

Kaspersky noted the majority of such apps are not available in official app stores like Google Play.

Andrew Smith, director of the FTC’s Bureau of Consumer Protection, noted Tuesday’s settlement was the first action the agency has taken against stalkerware.

“Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses,” he said.

Retina-X posted a notice on its website in March 2018 admitting it had been hacked repeatedly in the past year. The notice claims no personal data was compromised. The FTC complaint said, however, the hacker was able to delete certain information.

Installation of the Retina-X apps required purchasers to bypass manufacturer restrictions, exposing the devices to security vulnerabilities and likely invalidating manufacturer warranties. The FTC said Retina-X never took any steps to prevent the apps from being used for more than monitoring employees and children. The apps came with instructions on removing the app icon, so device users would not know the software had been installed, the FTC said in its complaint.

The complaint also said Retina-X outsourced its product development and maintenance to third parties and failed to implement reasonable security to make sure collected data was protected, despite claiming that private information was safe.